CVE-2016-15041
Published 2024-10-16
Priority P180 · medium · 6.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 1.23% (65.1th percentile)
The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwp_setup_purchase_username’ parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mainwp | mainwp_dashboard | <= 3.1.2 | — |
| mainwp | mainwp_dashboard_self-hosted_wordpress_management_for_agencies | < 3.1.3 | 3.1.3 |
Detection & IOCs (extracted from sources)
command: mwp_setup_purchase_username={{randstr}}"+onmouseover%3Dalert(document.domain)+x%3D"&mwp_setup_purchase_passwd=test&save_step=1
- Detect exploitation attempt by matching the XSS payload in the POST body targeting the vulnerable parameter
- Detect stored XSS payload in HTTP response body — look for the string ' onmouseover=alert(document.domain) x' in pages served from the MainWP setup wizard
- Flag unauthenticated POST requests to /wp-admin/admin-post.php with query parameters page=mainwp-setup&step=purchase_extension as potential exploitation of CVE-2016-15041
- Version fingerprinting: check /wp-content/plugins/mainwp-vuln/readme.txt for 'Stable tag:' value <= 3.1.2 to confirm vulnerable plugin version
- Confirm MainWP setup wizard page presence by matching keywords 'MainWP', 'Setup Wizard', and 'mwp_setup_purchase_username' in the response body
- Extract WordPress nonce from the setup page response using regex '_wpnonce" value="([a-zA-Z0-9]+)"' for use in the exploit POST request
- The vulnerability is exploitable by unauthenticated attackers — no authentication is required to POST the malicious payload to the setup wizard endpoint
- The attack requires two HTTP steps: first a GET to retrieve the nonce, then a POST with the XSS payload; detection logic must account for this multi-step flow
- Affected versions are up to and including 3.1.2; version check against readme.txt Stable tag is required to avoid false positives on patched installs
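The request-side check and the Stable tag check from the notes above, as an added Python example for log triage (not taken from any of the indexed sources). The record layout, the `authenticated` flag (assumed to be set upstream from session data) and all function names are assumptions; the sample records are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

PARAM = "mwp_setup_purchase_username"
FIXED = (3, 1, 3)  # first fixed release per the Affected table
# Quotes, angle brackets or an event-handler attribute have no place in a username.
SUSPICIOUS = re.compile(r"""["'<>]|\bon[a-z]+\s*=""", re.I)

def is_setup_post(method, url):
    """True for a POST to the setup-wizard step named in the notes."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    return (method.upper() == "POST"
            and parts.path.endswith("/wp-admin/admin-post.php")
            and query.get("page") == ["mainwp-setup"]
            and query.get("step") == ["purchase_extension"])

def score_request(method, url, body, authenticated):
    """Return the reasons a request matches the notes (empty list = no match)."""
    if not is_setup_post(method, url):
        return []
    reasons = [] if authenticated else ["unauthenticated POST to setup wizard"]
    # parse_qs undoes '+' and %XX encoding, so encoded payloads are seen decoded.
    for value in parse_qs(body, keep_blank_values=True).get(PARAM, []):
        if SUSPICIOUS.search(value):
            reasons.append("markup characters in " + PARAM)
    return reasons

def stable_tag_vulnerable(readme_text):
    """True/False from readme.txt 'Stable tag:'; None if missing or non-numeric."""
    m = re.search(r"^Stable tag:[ \t]*(\d+(?:\.\d+)*)\s*$", readme_text, re.M | re.I)
    if not m:
        return None
    ver = tuple(int(p) for p in m.group(1).split("."))
    return ver + (0,) * (3 - len(ver)) < FIXED

WIZARD = "/wp-admin/admin-post.php?page=mainwp-setup&step=purchase_extension"
SAMPLE = [  # constructed records: (method, url, body, authenticated)
    ("POST", WIZARD, 'mwp_setup_purchase_username=abc"+onmouseover%3Dalert(document.domain)'
                     '+x%3D"&mwp_setup_purchase_passwd=test&save_step=1', False),
    ("POST", WIZARD, "mwp_setup_purchase_username=alice&save_step=1", True),
    ("GET", "/wp-admin/admin.php?page=mainwp-setup", "", False),
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec[0], rec[1], "->", score_request(*rec) or "no match")
```

A `None` from `stable_tag_vulnerable` (for example a `trunk` tag) means the version could not be established and the install should be checked by hand rather than treated as patched.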
CVSS provenance
nvd · v3.1 · 6.1 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vulncheck · 7.2 HIGH
GHSA
ghsa_unreviewed·2024-10-16
CVE-2016-15041 [HIGH] CWE-79 GHSA-c7x4-5776-rm5h: The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scriptin
VulnCheck
MainWP Dashboard - The Private WordPress Manager for Multiple Website Maintenance Plugin 'mwp_setup_purchase_username' Parameter Vulnerability
vulncheck · 2016 · CVSS 7.2
CVE-2016-15041 [HIGH] MainWP Dashboard - The Private WordPress Manager for Multiple Website Maintenance Plugin 'mwp_setup_purchase_username' Parameter Vulnerability
The MainWP Dashboard - The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mwp_setup_purchase_username' parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected: MainWP MainWP Dashboard - The Private WordPress Manager for Multiple Website Maintenance Plugin
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of
No detection rules found.
Nuclei
MainWP Dashboard <= 3.1.2 - Stored Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2016-15041 [MEDIUM] MainWP Dashboard <= 3.1.2 - Stored Cross-Site Scripting
MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress versions up to 3.1.2 contains a stored cross-site scripting vulnerability caused by insufficient input sanitization and output escaping in the 'mwp_setup_purchase_username' parameter, letting unauthenticated attackers inject and execute arbitrary scripts when users access affected pages.
Template:

```yaml
id: CVE-2016-15041
info:
  name: MainWP Dashboard <= 3.1.2 - Stored Cross-Site Scripting
  author: flame
  severity: high
  description: |
    MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress versions up to 3.1.2 contains a stored cross-site scripting caused by insufficient input sanitization and output escaping
```
No writeups or analysis indexed.
- https://klikki.fi/adv/mainwp.html
- https://web.archive.org/web/20191101060009/https%3A//klikki.fi/adv/mainwp.html
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-mainwp-dashboard-cross-site-scripting-3-1-2/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a9b1445f-3b6b-40fa-9a12-f55d63668dda?source=cve