Description
Reflected Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress WP Header Images plugin (versions <= 2.0.0).
## Solution
Update the WordPress WP Header Images plugin to the latest available version (at least 2.0.1).
Affected Software
Related
{"id": "PATCHSTACK:7E65212BF90E57C1D226927EB3BB5FCC", "vendorId": null, "type": "patchstack", "bulletinFamily": "software", "title": "WordPress WP Header Images plugin <= 2.0.0 - Reflected Cross-Site Scripting (XSS) vulnerability", "description": "Reflected Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress WP Header Images plugin (versions <= 2.0.0).\n\n## Solution\n\n\r\n Update the WordPress WP Header Images plugin to the latest available version (at least 2.0.1).\r\n ", "published": "2021-10-11T00:00:00", "modified": "2021-10-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "href": "https://patchstack.com/database/vulnerability/wp-header-images/wordpress-wp-header-images-plugin-2-0-0-reflected-cross-site-scripting-xss-vulnerability", "reporter": "apple502j", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24798", "https://wpscan.com/vulnerability/58c9a007-42db-4142-b096-0b9ba8850f87", "https://wordpress.org/plugins/wp-header-images/#developers"], "cvelist": ["CVE-2021-24798"], "immutableFields": [], "lastseen": "2022-06-01T19:29:30", "viewCount": 1, "enchantments": {"score": {"value": 1.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-24798"]}, {"type": "wpexploit", "idList": ["WPEX-ID:58C9A007-42DB-4142-B096-0B9BA8850F87"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:58C9A007-42DB-4142-B096-0B9BA8850F87"]}]}, "affected_software": {"major_version": [{"name": "wp header images", "version": 2}]}, "vulnersScore": 1.2}, "_state": {"score": 1660007483, "dependencies": 1660004461, "affected_software_major_version": 1666695388}, "_internal": {"score_hash": "c3b4e59473fa6f22375c69794a7f27a7"}, "affectedSoftware": [{"version": "2.0.0", "operator": "le", "name": "wp header images"}], "vendor_cvss": {"score": "3.1", "severity": "Medium severity"}, "owasp": "A7: Cross-Site Scripting (XSS)", "classification": "Cross Site Scripting (XSS)"}
{"cve": [{"lastseen": "2022-03-23T15:03:58", "description": "The WP Header Images WordPress plugin before 2.0.1 does not sanitise and escape the t parameter before outputting it back in the plugin's settings page, leading to a Reflected Cross-Site Scripting issue", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-11-08T18:15:00", "type": "cve", "title": "CVE-2021-24798", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24798"], "modified": "2021-11-10T17:31:00", "cpe": [], "id": "CVE-2021-24798", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24798", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}], "cnvd": [{"lastseen": "2022-11-05T07:34:04", "description": "WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress plugin WP Header Images version 2.0.1 prior to the cross-site scripting vulnerability, which stems from the plugin's failure to output t parameters to the plugin's settings page before filtering and escaping, leading to a reflection cross-site scripting issue. No details of the vulnerability are currently available.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-11-10T00:00:00", "type": "cnvd", "title": "WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-101469)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24798"], "modified": "2021-12-22T00:00:00", "id": "CNVD-2021-101469", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-101469", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "wpvulndb": [{"lastseen": "2021-11-26T19:18:43", "description": "The plugin does not sanitise and escape the t parameter before outputting it back in the plugin's settings page, leading to a Reflected Cross-Site Scripting issue\n\n### PoC\n\nhttps://example.com/wp-admin/options-general.php?page=wp_hi&t;=5\">\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-10-11T00:00:00", "type": "wpvulndb", "title": "WP Header Images < 2.0.1 - Reflected Cross-Site Scripting", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24798"], "modified": "2021-10-11T08:45:34", "id": "WPVDB-ID:58C9A007-42DB-4142-B096-0B9BA8850F87", "href": "https://wpscan.com/vulnerability/58c9a007-42db-4142-b096-0b9ba8850f87", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "wpexploit": [{"lastseen": "2021-11-26T19:18:43", "description": "The plugin does not sanitise and escape the t parameter before outputting it back in the plugin's settings page, leading to a Reflected Cross-Site Scripting issue\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-10-11T00:00:00", "type": "wpexploit", "title": "WP Header Images < 2.0.1 - Reflected Cross-Site Scripting", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24798"], "modified": "2021-10-11T08:45:34", "id": "WPEX-ID:58C9A007-42DB-4142-B096-0B9BA8850F87", "href": "", "sourceData": "https://example.com/wp-admin/options-general.php?page=wp_hi&t=5\"><script>alert(/XSS/)</script>", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
WordPress WP Header Images plugin <= 2.0.0 - Reflected Cross-Site Scripting (XSS) vulnerability
