CVE-2021-24522
Published 2021-08-09
Priority: P3 · 36 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 1.29% (66.5th percentile)
The User Registration, User Profile, Login & Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.1.11's widget for tabbed login/register was not properly escaped and could be used in an XSS attack which could lead to wp-admin access. Further, the plugin in several places assigned $_POST as $_GET which meant that in some cases this could be replicated with just $_GET parameters and no need for $_POST values.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| properfraction | profilepress | < 3.1.11 | 3.1.11 |
CVSS provenance
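| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |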
No detection rules found.
Nuclei
ProfilePress < 3.1.11 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2021-24522 [MEDIUM] ProfilePress < 3.1.11 - Cross-Site Scripting
ProfilePress alert(document.domain) HTTP/1.1
Host: {{Hostname}}
```yaml
payloads:
  path:
    - /
    - /wp-login
    - /wp-login.php

host-redirects: true
matchers-condition: and
matchers:
  - type: word
    part: body
    words:
      - 'alert(document.domain)'

  - type: word
    part: content_type
    words:
      - text/html

  - type: status
    status:
      - 200
```
No writeups or analysis indexed.
2021-08-09: Published