Advertisement






WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (XSS)

CVE Category Price Severity
CVE-2021-24537 CWE-79 Not specified High
Author Risk Exploitation Type Date
Aleksandar Nikolic High Remote 2021-04-27
CPE
cpe:cpe:/a:wordpress:rss_for_yandex_turbo:1.29
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021040145

Below is a copy:

WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (XSS)
|===========================================================================
| # Exploit Title : WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (XSS)
|                                                                           
| # Author : Ali Seddigh                                                    
|                                                                           
| # Category : Web Application
|
| # Software Link : https://wordpress.org/plugins/rss-for-yandex-turbo/
|                                                                           
| # Tested on : [ Windows ~> 10 , Kali Linux]                                                     
|
| # Version: 1.29
|                  
| # Date : 2021-04-27                                                     
|===========================================================================


# POC :

1. Install WordPress 5.6
2. Install and activate "RSS for Yandex Turbo" plugin.
3. Navigate to Setting >> . >>  and enter the data into all the six user input field and submit the request.
4. Capture the request into burp suite and append the following mentioned JavaScript payloads (one payload per parameter)
"+onmouseover="alert(1)
"+onmouseover="alert(2)
"+onmouseover="alert(3)
"+onmouseover="alert(4)
"+onmouseover="alert(5)
"+onmouseover="alert(6)
5. You will observe that the payloads got successfully stored into the database and when you move the mouse cursor over these fields the JavaScript payloads get executed successfully and we get a pop-up.


|===========================================================================
| # Discovered By : Ali Triplex                                             
|===========================================================================

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.