Lucene search
RenniepakWPVDB-ID:3E855E09-056F-45B5-89A9-D644B7D8C9D0HistoryJun 28, 2021 - 12:00 a.m.
W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)
2021-06-2800:00:00
renniepak
wpscan.com
12
plugin
reflected xss
extensions page
javascript context
setting
anonymously track usage
admin
compromise
EPSS
0.001
Percentile
43.5%
The plugin was affected by a reflected Cross-Site Scripting (XSS) issue within the “extension” parameter in the Extensions dashboard, when the ‘Anonymously track usage to improve product quality’ setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user’s web browser, which could lead to full site compromise.
PoC
With the ‘Anonymously track usage to improve product quality’ settings (in the plugin General Settings) turned on, open the URL below https://example.com/wp-admin/admin.php?page=w3tc_extensions&extension;=‘-alert(document.domain)-’
Related
nuclei
nuclei
WordPress W3 Total Cache <2.1.5 - Cross-Site Scripting
2023-03-18 22:07:09
nvd
nvd
CVE-2021-24452
2021-07-19 11:15:08
prion
prion
Cross site scripting
2021-07-19 11:15:00
openvas
openvas
WordPress W3 Total Cache Plugin < 2.1.5 XSS Vulnerability
2022-06-23 00:00:00
patchstack
patchstack
cvelist
cvelist
wpexploit
wpexploit
W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)
2021-06-28 00:00:00
cve
cve
CVE-2021-24452
2021-07-19 11:15:08