Lucene search

K

WordPress Mortgage Calculators WP 1.52 Plugin - Stored Cross-Site Scripting Vulnerability

🗓️ 27 Jan 2022 00:00:00Reported by Ceylan BOZOĞULLARINDANType 
zdt
 zdt
🔗 0day.today👁 181 Views

WordPress Mortgage Calculators WP 1.52 Plugin Stored Cross-Site Scripting Vulnerability, Real-Time Estimates, Sanitisation Issu

Show more
Related
Code
# Exploit Title: WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting (XSS) (Authenticated)
# Exploit Author: Ceylan Bozogullarindan
# Vendor Homepage: https://lenderd.com/
# Software Link: https://mortgagecalculatorsplugin.com/
# Version: 1.52
# Tested on: Linux
# CVE : CVE-2021-24904 (https://wpscan.com/vulnerability/7b80f89b-e724-41c5-aa03-21d1eef50f21)


# Description:
The plugin gives users real-time estimates by providing mortgage calculators. It does not implement any sanitisation on the color value of the background of a calculator in admin panel, which could lead to authenticated Stored Cross-Site Scripting issues. An attacker can execute malicious javascript codes for all visitors of a page containing the calculator.


# Steps To Reproduce:
1. Go to settings page available under the "Calculator" menu item.
2. Click the "Select Color" button and type the following payload the input space: `hacked</style></head><script>alert(1)</script>`
3. Click the "Save Changes" button to save settings.
4. Create a new page and add the shortcode ([mcwp type="cv"]) of the calculator, for testing.
5. Visit the page to trigger XSS.

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
27 Jan 2022 00:00Current
5.2Medium risk
Vulners AI Score5.2
EPSS0.001
181
.json
Report