W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)

2021-06-28T00:00:00

Description

The plugin was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.

{"id": "WPEX-ID:05988EBB-7378-4A3A-9D2D-30F8F58FE9EF", "type": "wpexploit", "bulletinFamily": "exploit", "title": "W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)", "description": "The plugin was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the \"extension\" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.\n", "published": "2021-06-28T00:00:00", "modified": "2021-08-10T07:05:28", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "renniepak", "references": [], "cvelist": ["CVE-2021-24436"], "immutableFields": [], "lastseen": "2021-09-14T23:09:59", "viewCount": 84, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-24436"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:05988EBB-7378-4A3A-9D2D-30F8F58FE9EF"]}], "rev": 4}, "score": {"value": 3.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-24436"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:05988EBB-7378-4A3A-9D2D-30F8F58FE9EF"]}]}, "exploitation": null, "vulnersScore": 3.9}, "sourceData": "https://example.com/wp-admin/admin.php?page=w3tc_extensions&extension=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E", "generation": 0, "_state": {"dependencies": 1645965333}}

{"patchstack": [{"lastseen": "2022-06-01T19:31:45", "description": "Reflected Cross-Site Scripting (XSS) vulnerability discovered by renniepak in WordPress W3 Total Cache plugin (versions <= 2.1.3).\n\n## Solution\n\n\r\n Update the WordPress W3 Total Cache plugin to the latest available version (at least 2.1.4).\r\n ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-06-28T00:00:00", "type": "patchstack", "title": "WordPress W3 Total Cache plugin <= 2.1.3 - Reflected Cross-Site Scripting (XSS) vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24436"], "modified": "2021-06-28T00:00:00", "id": "PATCHSTACK:9AB8A9F3D8B65A7670617D0B4E7C35B3", "href": "https://patchstack.com/database/vulnerability/w3-total-cache/wordpress-w3-total-cache-plugin-2-1-3-reflected-cross-site-scripting-xss-vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "wpvulndb": [{"lastseen": "2021-09-14T23:09:59", "description": "The plugin was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the \"extension\" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.\n\n### PoC\n\nhttps://example.com/wp-admin/admin.php?page=w3tc_extensions&extension;=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E\n", "cvss3": {}, "published": "2021-06-28T00:00:00", "type": "wpvulndb", "title": "W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-24436"], "modified": "2021-08-10T07:05:28", "id": "WPVDB-ID:05988EBB-7378-4A3A-9D2D-30F8F58FE9EF", "href": "https://wpscan.com/vulnerability/05988ebb-7378-4a3a-9d2d-30f8f58fe9ef", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T14:54:38", "description": "The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the \"extension\" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-07-19T11:15:00", "type": "cve", "title": "CVE-2021-24436", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24436"], "modified": "2021-07-28T13:22:00", "cpe": [], "id": "CVE-2021-24436", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24436", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}]}

W3 Total Cache &lt; 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)

Description

Related

W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)