icon

We found results for “

CVE-2021-24339

Date: June 21, 2021

Overview

In Pods WordPress Plugin, versions 2.4.4.1 to 2.7.26 are vulnerable to Stored Cross-Site Scripting (XSS) due to user input not being validated properly in the `Menu Label` field parameter. An authenticated attacker could inject malicious code into the input field before rendering it in the web page.

Details

The WordPress `Pods - Custom Content Types and Fields` plugin can be abused by Stored Cross-Site Scripting vulnerability since the plugin performs improper validation of the input sent to the `Menu Label` field parameter value before rendering it on the web page. Due to this flaw, an authenticated attacker can cause Stored Cross-Site Scripting.

PoC Details

On a Wordpress application with `pods` plugin installed and activated, you will find a `pods admin` option in the left side menu bar. Click on this option, then click on `Add New` -> `Create New`. Select `Content Type` as `Custom Setting Page` from the drop-down menu and place the given payload in `Menu Label` text field, and fill the remaining fields. Click on `Next Step` and the given payload gets executed and an alert box will appear. This payload will get executed when you open the pods page.

PoC Code

<script>alert(1234)</script>

Affected Environments

2.4.4.1-2.7.26

Prevention

Upgrade to 2.7.27

Language: PHP

Good to know:

icon

Cross-Site Scripting (XSS)

CWE-79
icon

Upgrade Version

Upgrade to version 2.7.27

Learn More

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privilegs Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): Single
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Additional information: