CVE-2021-24586 - OpenCVE

The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting (feature mentioned by the plugin), this could lead to Stored XSS issue which will be triggered either in the backend, frontend or both depending on the payload used.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Evona	Per Page Add To Head

Configuration 1 [-]

cpe:2.3:a:evona:per_page_add_to_head:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/e9885fba-0e73-41a0-9e1d-47badc09be85

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-09-13T17:56:27

Updated: 2024-08-03T19:35:20.192Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24586

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-09-13T18:15:16.517

Modified: 2022-12-20T22:01:37.097

Link: CVE-2021-24586

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Per page add to head", "vendor": "Unknown", "versions": [{"lessThan": "1.4.4", "status": "affected", "version": "1.4.4", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Prashant Karman Patel"}], "descriptions": [{"lang": "en", "value": "The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting (feature mentioned by the plugin), this could lead to Stored XSS issue which will be triggered either in the backend, frontend or both depending on the payload used."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-13T17:56:27", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/e9885fba-0e73-41a0-9e1d-47badc09be85"}], "source": {"discovery": "UNKNOWN"}, "title": "Per Page Add to Head < 1.4.4 - CSRF to Stored XSS", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24586", "STATE": "PUBLIC", "TITLE": "Per Page Add to Head < 1.4.4 - CSRF to Stored XSS"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Per page add to head", "version": {"version_data": [{"version_affected": "<", "version_name": "1.4.4", "version_value": "1.4.4"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Prashant Karman Patel"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting (feature mentioned by the plugin), this could lead to Stored XSS issue which will be triggered either in the backend, frontend or both depending on the payload used."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}, {"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/e9885fba-0e73-41a0-9e1d-47badc09be85", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/e9885fba-0e73-41a0-9e1d-47badc09be85"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:35:20.192Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/e9885fba-0e73-41a0-9e1d-47badc09be85"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24586", "datePublished": "2021-09-13T17:56:27", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:35:20.192Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:evona:per_page_add_to_head:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6FD4DB5E-1FC4-449B-A571-D3A1BF20D4BB", "versionEndExcluding": "1.4.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting (feature mentioned by the plugin), this could lead to Stored XSS issue which will be triggered either in the backend, frontend or both depending on the payload used."}, {"lang": "es", "value": "El plugin de WordPress Per page add to head versiones anteriores a 1.4.4, carece de cualquier tipo de comprobaci\u00f3n de tipo CSRF cuando guarda su configuraci\u00f3n, que podr\u00eda permitir a atacantes hacer que un administrador registrado la cambie. Adem\u00e1s, como el plugin permite insertar HTML arbitrario en una de las configuraciones (caracter\u00edstica mencionada por el plugin), esto podr\u00eda conllevar a un problema de tipo XSS Almacenado que ser\u00eda desencadenado en el backend, en el frontend o en ambos, dependiendo del payload usado"}], "id": "CVE-2021-24586", "lastModified": "2022-12-20T22:01:37.097", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-13T18:15:16.517", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/e9885fba-0e73-41a0-9e1d-47badc09be85"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-79"}], "source": "contact@wpscan.com", "type": "Secondary"}]}