wpvulndb | Krzysztof Zając | WPVDB-ID: 01D430EA-EF85-4529-9AE4-C1F70016BB75
History: Dec 28, 2021 - 12:00 a.m.

Insight Core <= 1.0 - Subscriber+ PHP Object Injection & Stored XSS

2021-12-28 00:00:00
Krzysztof Zając
wpscan.com
10
Tags: insight core, php object injection, stored xss, user input validation, authentication, csrf protection

EPSS: 0.001

Percentile: 24.8%

The plugin does not perform any authorisation or CSRF checks in insight_customizer_options_import (available to any authenticated user), does not validate user input before passing it to unserialize(), and does not sanitise or escape it before outputting it in the response. As a result, it could allow users with a role as low as Subscriber to perform PHP Object Injection, as well as Stored Cross-Site Scripting attacks.

PoC

let formData = new FormData; formData.append('import-file', new Blob(['a:1:{s:16:"background_color";s:34:"alert(/XSS/);
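For comparison, a hardened shape for an import handler of this kind, as an added illustration that is not the plugin's code. It closes the three gaps the advisory names (no authorisation check, no CSRF check, raw upload passed to unserialize() and echoed unescaped). The wp_ajax_ hook, the nonce action name, the option allow-list and the storage key are assumptions.

```php
<?php
// Added example, not Insight Core's own code. Demonstrates the checks the
// advisory reports as missing; hook name and option keys are assumed.

add_action( 'wp_ajax_insight_customizer_options_import', 'hardened_customizer_options_import' );

function hardened_customizer_options_import() {
    // 1. Authorisation: only users allowed to change theme options, not any Subscriber.
    if ( ! current_user_can( 'edit_theme_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // 2. CSRF: the request must carry a nonce bound to this action (assumed action name).
    check_ajax_referer( 'insight_options_import', '_wpnonce' );

    if ( empty( $_FILES['import-file']['tmp_name'] ) || ! is_uploaded_file( $_FILES['import-file']['tmp_name'] ) ) {
        wp_send_json_error( 'no file', 400 );
    }
    $raw = file_get_contents( $_FILES['import-file']['tmp_name'] );

    // 3. Never unserialize() user-controlled bytes: a serialized object payload
    //    instantiates arbitrary classes (PHP Object Injection). Accept JSON only
    //    and require a flat array.
    $data = json_decode( $raw, true );
    if ( ! is_array( $data ) ) {
        wp_send_json_error( 'invalid import', 400 );
    }

    // Allow-list of option keys, each with its own sanitiser (assumed subset of options).
    $sanitizers = array(
        'background_color' => 'sanitize_hex_color',
        'site_title'       => 'sanitize_text_field',
    );
    $clean = array();
    foreach ( $sanitizers as $key => $fn ) {
        if ( isset( $data[ $key ] ) && is_scalar( $data[ $key ] ) ) {
            $value = call_user_func( $fn, (string) $data[ $key ] );
            if ( null !== $value && '' !== $value ) {
                $clean[ $key ] = $value;
            }
        }
    }
    set_theme_mod( 'insight_options', $clean ); // assumed storage key

    // 4. Escape on output so a stored value cannot become Stored XSS in the response.
    wp_send_json_success( array_map( 'esc_html', $clean ) );
}
```

Detection-wise, a Subscriber session posting to this import action, or an upload body beginning with a PHP serialization prefix such as a:1:{ or O:, is the request pattern worth alerting on.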

