Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitWpvulndbWPEX-ID:CDD5C7A9-CA6D-40D9-9A38-650B4C8E1305
HistoryMar 29, 2021 - 12:00 a.m.

Virtual Robots.txt < 1.10 - Authenticated Stored Cross-Site Scripting (XSS)

2021-03-2900:00:00
wpvulndb
78
xss
authenticated
cross-site scripting
plugin settings
user agents
directives
disallow
exploit

EPSS

0.002

Percentile

60.7%

JSON

The plugin did not sanitise the content of the robots.txt, allowing high privilege users (admin+) to use XSS payloads, which will be output back in the settings page of the plugin.

Put the following directive in the plugin settings "User Agents and Directives for this site"

Disallow: /wp-register.php</textarea></td></tr><script>alert(1);</script>

Related

nvd 1
cvelist 1
wpvulndb 1
prion 1
cve 1
nvd
nvd
CVE-2021-28121
2021-08-12 22:15:07
cvelist
cvelist
CVE-2021-28121
2021-08-12 22:00:07
wpvulndb
wpvulndb
Virtual Robots.txt < 1.10 - Authenticated Stored Cross-Site Scripting (XSS)
2021-03-29 00:00:00
prion
prion
Design/Logic Flaw
2021-08-12 22:15:00
cve
cve
CVE-2021-28121
2021-08-12 22:15:07

EPSS

0.002

Percentile

60.7%

JSON
Related for WPEX-ID:CDD5C7A9-CA6D-40D9-9A38-650B4C8E1305
nvd1cvelist1wpvulndb1prion1cve1