CVE-2021-24654 - OpenCVE

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wpeverest	User Registration

Configuration 1 [-]

cpe:2.3:a:wpeverest:user_registration:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/5c7a9473-d32e-47d6-9f8e-15b96fe758f2

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-10-04T11:20:17

Updated: 2024-08-03T19:35:20.367Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24654

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-10-04T12:15:08.870

Modified: 2021-10-08T18:39:57.843

Link: CVE-2021-24654

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "User Registration \u2013 Custom Registration Form, Login And User Profile For WordPress", "vendor": "Unknown", "versions": [{"lessThan": "2.0.2", "status": "affected", "version": "2.0.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "AyeCode Ltd"}], "descriptions": [{"lang": "en", "value": "The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-04T11:20:17", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/5c7a9473-d32e-47d6-9f8e-15b96fe758f2"}], "source": {"discovery": "EXTERNAL"}, "title": "User Registration < 2.0.2 - Low Privilege Stored Cross-Site Scripting", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24654", "STATE": "PUBLIC", "TITLE": "User Registration < 2.0.2 - Low Privilege Stored Cross-Site Scripting"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "User Registration \u2013 Custom Registration Form, Login And User Profile For WordPress", "version": {"version_data": [{"version_affected": "<", "version_name": "2.0.2", "version_value": "2.0.2"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "AyeCode Ltd"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/5c7a9473-d32e-47d6-9f8e-15b96fe758f2", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/5c7a9473-d32e-47d6-9f8e-15b96fe758f2"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:35:20.367Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/5c7a9473-d32e-47d6-9f8e-15b96fe758f2"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24654", "datePublished": "2021-10-04T11:20:17", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:35:20.367Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpeverest:user_registration:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "AEAB3ECC-5A41-4FD2-98D1-CD06128C8AE3", "versionEndExcluding": "2.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed"}, {"lang": "es", "value": "El plugin User Registration de WordPress versiones anteriores a 2.0.2 no sanea correctamente el valor user_registration_profile_pic_url cuando se env\u00eda directamente por medio de la acci\u00f3n user_registration_update_profile_details AJAX. Esto podr\u00eda permitir a cualquier usuario autenticado, como el suscriptor, llevar a cabo ataques de tipo Cross-Site Almacenados cuando es visualizado su perfil"}], "id": "CVE-2021-24654", "lastModified": "2021-10-08T18:39:57.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-04T12:15:08.870", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/5c7a9473-d32e-47d6-9f8e-15b96fe758f2"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "contact@wpscan.com", "type": "Secondary"}]}