icon

We found results for “

CVE-2021-24366

Date: June 21, 2021

Overview

The Admin Columns WordPress plugin, Free and Pro versions, rendered input on the posted pages with improper input validation on the value passed into the field `Label` parameter, by taking this as an advantage an authenticated attacker can supply a crafted arbitrary script and execute it.

Details

The WordPress `Admin Columns` plugin has a feature to add new customized column fields. This plugin can be abused by Stored Cross-Site Scripting vulnerability since the plugin performs improper validations on the input sent to the custom column field `Label` parameter before rendering it on a published web page/post. Due to this flaw, an authenticated attacker can cause Stored Cross-Site Scripting.

PoC Details

The WordPress `Admin Columns` plugin renders the given input on the posted pages with improper input validation on the value passed into the field `Label` parameter, by taking this as an advantage an attacker can supply a crafted arbitrary script and execute it. After activating the installed plugin you will find a new option in the `Settings` options of the left side menu bar with new sub options as `Admin Columns`. Now click on the `Admin Columns` option from the `Setting` menu, it will give a page to add admin columns, then click on the `Add Column' button. Now place the payload in the `Label` text field and click on the update button. The given input payload will create a column field with a hyperlink. To see the newly added columns field, click on the `View` button. After clicking on the View button, this will show the newly added column fields as shown below. The given payload created a hyperlink with malicious JavaScript, the code will get executed once the hyperlinks has been clicked

PoC Code

<a href="javascript:alert('XSS in admin columns plugin!');">click here</a>

Affected Environments

3.0-4.2.7

Prevention

Upgrade to 4.3

Language: PHP

Good to know:

icon

Cross-Site Scripting (XSS)

CWE-79
icon

Upgrade Version

Upgrade to version 4.3

Learn More

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privilegs Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): Single
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Additional information: