CVE-2021-24973 in Site Reviews Plugin

Summary

by MITRE • 01/03/2022

The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action (available to unauthenticated and any authenticated users), allowing them to perform Cross-Site Scripting attacks against logged-in admins viewing the Tool dashboard of the plugin.

Analysis

by VulDB Data Team • 01/06/2022

The vulnerability identified as CVE-2021-24973 affects the Site Reviews WordPress plugin in versions 5.17.2 and earlier, representing a critical cross-site scripting flaw that undermines the security posture of WordPress installations. This vulnerability exists within the plugin's AJAX handling mechanism, specifically targeting the glsr_action endpoint, which processes the site-reviews parameter without proper sanitization or escaping measures. The flaw is particularly concerning because it affects the Tool dashboard functionality where administrators perform critical maintenance tasks, making it a prime target for attackers seeking to compromise administrative sessions.

The technical implementation of this vulnerability stems from insufficient input validation within the plugin's backend processing logic. When the glsr_action AJAX endpoint receives the site-reviews parameter, it fails to properly sanitize user-supplied data before incorporating it into the response sent to administrators. This omission creates a persistent cross-site scripting vector that can be exploited by both unauthenticated users and authenticated individuals with minimal privileges. The vulnerability manifests when administrators view the Tool dashboard, as the malicious payload embedded in the site-reviews parameter executes within the admin context, potentially allowing attackers to escalate privileges or access sensitive administrative functions.

The operational impact of this vulnerability extends beyond simple script execution, as it enables attackers to manipulate administrative sessions and potentially gain unauthorized access to critical system components. When administrators visit the Tool dashboard, their browsers execute the malicious JavaScript code embedded in the parameter, which can harvest session cookies, redirect users to malicious sites, or inject additional malicious payloads. This vulnerability specifically targets the dashboard interface where administrators perform maintenance operations, making it particularly dangerous as it can be leveraged to compromise the entire administrative workflow of the plugin. The attack vector requires no authentication for initial exploitation, though the payload execution is limited to administrators who are actively viewing the compromised dashboard.

Organizations affected by this vulnerability should immediately update to Site Reviews plugin version 5.17.3 or later, which implements proper input sanitization and output escaping mechanisms for the affected parameter. Security teams should also implement network monitoring to detect potential exploitation attempts targeting the glsr_action endpoint and conduct comprehensive audits of all installed WordPress plugins for similar sanitization flaws. The vulnerability aligns with CWE-79, which addresses cross-site scripting vulnerabilities, and maps to ATT&CK technique T1059.007 for script injection, while also representing a privilege escalation vector that could lead to full system compromise. Additional mitigations include implementing content security policies that restrict script execution and monitoring for unusual AJAX requests targeting the affected plugin endpoint, particularly those containing suspicious parameter values that could indicate exploitation attempts.
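The monitoring recommended above can be sketched as a triage check over logged requests. This is an added example, not code from VulDB or from the plugin. It assumes the action is sent to the standard WordPress AJAX endpoint `/wp-admin/admin-ajax.php` and that POST bodies are available from a WAF or proxy log; the function name, key matching and regex are illustrative assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Characters and patterns that have no place in a value later rendered as HTML.
# This is a triage heuristic (assumption), not a complete XSS filter.
SUSPICIOUS = re.compile(r"[<>]|\bon\w+\s*=|javascript:", re.IGNORECASE)
PARAM = "site-reviews"  # parameter named in the advisory


def flag_request(method, url, body=""):
    """Return the suspicious site-reviews fields of a glsr_action AJAX request.

    `body` is the raw application/x-www-form-urlencoded POST body, which has
    to come from a WAF or proxy log because access logs do not record it.
    """
    parts = urlsplit(url)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return []
    # parse_qsl percent-decodes once; keep_blank_values keeps empty fields.
    fields = parse_qsl(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        fields += parse_qsl(body, keep_blank_values=True)
    if ("action", "glsr_action") not in fields:
        return []
    hits = []
    for key, value in fields:
        # Match the bare parameter and array-style keys such as site-reviews[x].
        if key == PARAM or key.startswith(PARAM + "["):
            if SUSPICIOUS.search(value):
                hits.append((key, value))
    return hits


# Constructed sample requests (not taken from real traffic); the sub-key
# "example" is hypothetical.
SAMPLES = [
    ("POST", "/wp-admin/admin-ajax.php",
     "action=glsr_action&site-reviews%5Bexample%5D=%3Cscript%3Ex%3C%2Fscript%3E"),
    ("POST", "/wp-admin/admin-ajax.php",
     "action=glsr_action&site-reviews%5Bexample%5D=Great+service"),
    ("POST", "/wp-admin/admin-ajax.php",
     "action=heartbeat&data=%3Cb%3E"),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(method, url, flag_request(method, url, body))
```

Only the first sample is flagged. Hits are leads for review rather than confirmed exploitation, since legitimate review text can also contain angle brackets.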

Reservation: 01/14/2021

Disclosure: 01/03/2022

Moderation: accepted

CPE: ready

EPSS: 0.01314

KEV: no

Activities: very low
