- WordPress Mortgage Calculators WP 1.52 Cross Site Scripting
- Authored by Ceylan Bozogullarindan
WordPress Mortgage Calculators WP plugin version 1.52 suffers from a persistent cross site scripting vulnerability.
- advisories | CVE-2021-24904
- MD5 | 244a7ae033a33d6c4e56be58e6a7618c
# Exploit Title: WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting (XSS) (Authenticated)
# Date: 25-10-2021
# Exploit Author: Ceylan Bozogullarindan
# Vendor Homepage: https://lenderd.com/
# Software Link: https://mortgagecalculatorsplugin.com/
# Version: 1.52
# Tested on: Linux
# CVE : CVE-2021-24904 (https://wpscan.com/vulnerability/7b80f89b-e724-41c5-aa03-21d1eef50f21)
# Description:
The plugin gives users real-time estimates by providing mortgage calculators. It does not implement any sanitisation on the background colour value of a calculator set in the admin panel, which could lead to authenticated stored cross-site scripting. An attacker can execute malicious JavaScript code in the browser of every visitor to a page containing the calculator.
# Steps To Reproduce:
1. Go to settings page available under the "Calculator" menu item.
2. Click the "Select Color" button and type the following payload into the input field: `hacked</style></head><script>alert(1)</script>`
3. Click the "Save Changes" button to save settings.
4. Create a new page and add the shortcode ([mcwp type="cv"]) of the calculator, for testing.
5. Visit the page to trigger XSS.
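A defender-side illustration of the missing check, added here and not taken from the plugin's code: a strict allowlist validator for the background colour that rejects anything outside the expected colour shapes, plus an output routine that re-validates before emitting the `<style>` block. The `.mcwp-calculator` selector, the named-colour set and the default colour are assumptions; a WordPress plugin would typically do the same with `sanitize_hex_color()` on save.

```python
import re

# Strict allowlist for a CSS colour value: only these shapes are accepted,
# so nothing containing '<', '>' or '/' can ever reach the <style> block.
_HEX_COLOR = re.compile(
    r"^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{4}|[0-9a-fA-F]{6}|[0-9a-fA-F]{8})$"
)
_RGB_COLOR = re.compile(
    r"^rgba?\(\s*\d{1,3}\s*,\s*\d{1,3}\s*,\s*\d{1,3}\s*(?:,\s*(?:0|1|0?\.\d+)\s*)?\)$"
)
# Small set of named colours, constructed for this example; extend as needed.
_NAMED_COLORS = {"white", "black", "red", "green", "blue", "transparent"}

# Assumed fallback used whenever the stored value is rejected.
DEFAULT_BACKGROUND = "#ffffff"


def is_valid_css_color(value: str) -> bool:
    """Return True only if value matches one of the allowed colour shapes."""
    v = value.strip()
    if _HEX_COLOR.match(v):
        return True
    if _RGB_COLOR.match(v):
        # The regex only bounds digit count; each channel must be 0..255.
        channels = [int(n) for n in re.findall(r"\d{1,3}", v)[:3]]
        return all(0 <= c <= 255 for c in channels)
    return v.lower() in _NAMED_COLORS


def sanitize_background_color(value: str) -> str:
    """Validation to run before saving the setting: reject, do not 'escape'."""
    return value.strip() if is_valid_css_color(value) else DEFAULT_BACKGROUND


def render_calculator_style(stored_value: str) -> str:
    """Emit the <style> fragment for the calculator (assumed selector).

    The value is re-validated at output time as defence in depth, so a value
    written to the database by another path still cannot break out of the
    style context the way the payload above does."""
    color = sanitize_background_color(stored_value)
    return f"<style>.mcwp-calculator {{ background-color: {color}; }}</style>"
```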