CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
3.4 | $0-$5k | 0.00 |
A vulnerability was found in WP Canvas Shortcodes Plugin 1.92 on WordPress (WordPress Plugin). It has been rated as problematic. This issue affects some unknown functionality. The manipulation with an unknown input leads to a cross site scripting vulnerability (Stored). Using CWE to declare the problem leads to CWE-80. The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. Impacted is integrity.
The weakness was published 11/19/2016 by Yorick Koster as Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin as confirmed mailinglist post (Full-Disclosure). The advisory is shared at seclists.org. The public release has been coordinated with the project team. The attack may be initiated remotely. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1059.007 for this issue. The advisory points out:
A Cross-Site Scripting vulnerability was found in the WP Canvas - Shortcodes WordPress Plugin. This issue allows an attacker to perform a wide variety of actions, such as stealing Administrators' session tokens, or performing arbitrary actions on their behalf. This issue can be exploited by authenticated users with the Contributor or higher role.
Upgrading to version 2.07 eliminates this vulnerability.
Product
Type
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 3.5VulDB Meta Temp Score: 3.4
VulDB Base Score: 3.5
VulDB Temp Score: 3.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Name: StoredClass: Cross site scripting / Stored
CWE: CWE-80 / CWE-74 / CWE-707
ATT&CK: T1059.007
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: WP Canvas Shortcodes Plugin 2.07
Timeline
11/19/2016 🔍11/21/2016 🔍
06/05/2019 🔍
Sources
Advisory: Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress PluginResearcher: Yorick Koster
Status: Confirmed
Coordinated: 🔍
Entry
Created: 11/21/2016 14:34Updated: 06/05/2019 14:28
Changes: 11/21/2016 14:34 (43), 06/05/2019 14:28 (2)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.