CVE-2021-24316
published 2021-06-01CVE-2021-24316: The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it's 's' GET parameter before output it back the page, leading to…
PriorityP341medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
6.44%
92.9th percentile
The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it's 's' GET parameter before output it back the page, leading to the Cross-SIte Scripting issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wowthemes | mediumish | <= 1.0.47 | — |
| wowthemes | mediumish | 1.0.47 – 1.0.47 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerable parameter is the 's' GET parameter in the search feature of the Mediumish WordPress theme (through version 1.0.47). Monitor HTTP requests containing unsanitised script payloads in the 's' query string parameter. ↗
- ·The nuclei template uses a randomised string payload ({{randstr}}) wrapped in alert() to confirm reflected XSS; adapt the payload to your testing policy before use.
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
WordPress Mediumish Theme <=1.0.47 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2021-24316 [MEDIUM] WordPress Mediumish Theme <=1.0.47 - Cross-Site Scripting
WordPress Mediumish Theme alert(/{{randstr}}/)
- Sorry, no posts matched your criteria.
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 490a0046304402205ab2c0cfcb6524996e3c114ce425cafe1198eda8207371e9c6b07ff6f5591d6c02204c1870c113bbc50d67756e9fa7fcff795c26ff31b5cea2f536d1021bc8d65e0d:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txthttps://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2ehttps://www.wowthemes.net/themes/mediumish-wordpress/https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txthttps://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2ehttps://www.wowthemes.net/themes/mediumish-wordpress/
2021-06-01
Published