CVE-2021-24642 - OpenCVE

The Scroll Baner WordPress plugin through 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow attackers to make logged in admin change them and could lead to RCE (via a file upload) as well as XSS

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Scroll Banner Project	Scroll Banner

Configuration 1 [-]

cpe:2.3:a:scroll_banner_project:scroll_banner:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/8d9129ab-33c3-44ee-b150-f7552d88e658

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-10-18T13:45:52

Updated: 2024-08-03T19:35:20.367Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24642

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-10-18T14:15:09.437

Modified: 2022-11-09T21:50:30.213

Link: CVE-2021-24642

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Scroll Baner", "vendor": "Unknown", "versions": [{"lessThanOrEqual": "1.0", "status": "affected", "version": "1.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Chuang Li"}], "descriptions": [{"lang": "en", "value": "The Scroll Baner WordPress plugin through 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow attackers to make logged in admin change them and could lead to RCE (via a file upload) as well as XSS"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-18T13:45:52", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/8d9129ab-33c3-44ee-b150-f7552d88e658"}], "source": {"discovery": "EXTERNAL"}, "title": "Scroll Baner <= 1.0 - CSRF to RCE", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24642", "STATE": "PUBLIC", "TITLE": "Scroll Baner <= 1.0 - CSRF to RCE"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Scroll Baner", "version": {"version_data": [{"version_affected": "<=", "version_name": "1.0", "version_value": "1.0"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Chuang Li"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Scroll Baner WordPress plugin through 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow attackers to make logged in admin change them and could lead to RCE (via a file upload) as well as XSS"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}, {"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/8d9129ab-33c3-44ee-b150-f7552d88e658", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/8d9129ab-33c3-44ee-b150-f7552d88e658"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:35:20.367Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/8d9129ab-33c3-44ee-b150-f7552d88e658"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24642", "datePublished": "2021-10-18T13:45:52", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:35:20.367Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:scroll_banner_project:scroll_banner:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "57316231-3178-438F-8896-753A50EF7843", "versionEndIncluding": "1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Scroll Baner WordPress plugin through 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow attackers to make logged in admin change them and could lead to RCE (via a file upload) as well as XSS"}, {"lang": "es", "value": "El plugin Scroll Baner de WordPress versiones hasta 1.0, no presenta una comprobaci\u00f3n de tipo CSRF cuando guarda sus configuraciones, ni lleva a cabo ning\u00fan tipo de saneo, escape o comprobaci\u00f3n de las mismas. Esto podr\u00eda permitir a atacantes hacer que los administradores registrados los cambien y podr\u00eda conllevar a RCE (por medio de una carga de archivos) as\u00ed como un ataque de tipo XSS"}], "id": "CVE-2021-24642", "lastModified": "2022-11-09T21:50:30.213", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-18T14:15:09.437", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/8d9129ab-33c3-44ee-b150-f7552d88e658"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-79"}], "source": "contact@wpscan.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Secondary"}]}