CVE-2021-25099
published 2022-02-21CVE-2021-25099: The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated…
PriorityP336medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
2.15%
79.8th percentile
The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| givewp | givewp | < 2.17.3 | 2.17.3 |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
WordPress GiveWP <2.17.3 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2021-25099 [MEDIUM] WordPress GiveWP <2.17.3 - Cross-Site Scripting
WordPress GiveWP alert(document.domain)
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains(body, "alert(document.domain)")'
- 'contains(body, "give_user_login")'
condition: and
# digest: 4a0a0047304502202ef6b8d52f607c95a27e96679e23fd204d9f2b627262df98ad6225e4a7105b86022100fb2fe253f57332005e7b4207bd65cd03ec083a5b4dda2b34641a473a862af254:922c64590222798bb761d5b6d8e72950
2022-02-21
Published