CVE-2021-24654 - Vulnerability Details - OpenCVE

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00285.

Key SSVC decision points have not yet been added.

Vendors	Products
Wpeverest Subscribe	User Registration Subscribe

Configuration 1 [-]

cpe:2.3:a:wpeverest:user_registration:*:*:*:*:*:wordpress:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2021-11566	The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://wpscan.com/vulnerability/5c7a9473-d32e-47d6-9f8e-15b96fe758f2

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-10-04T11:20:17

Updated: 2024-08-03T19:35:20.367Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24654

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-10-04T12:15:08.870

Modified: 2024-11-21T05:53:29.980

Link: CVE-2021-24654

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

{"containers": {"cna": {"affected": [{"product": "User Registration \u2013 Custom Registration Form, Login And User Profile For WordPress", "vendor": "Unknown", "versions": [{"lessThan": "2.0.2", "status": "affected", "version": "2.0.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "AyeCode Ltd"}], "descriptions": [{"lang": "en", "value": "The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-04T11:20:17", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/5c7a9473-d32e-47d6-9f8e-15b96fe758f2"}], "source": {"discovery": "EXTERNAL"}, "title": "User Registration < 2.0.2 - Low Privilege Stored Cross-Site Scripting", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24654", "STATE": "PUBLIC", "TITLE": "User Registration < 2.0.2 - Low Privilege Stored Cross-Site Scripting"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "User Registration \u2013 Custom Registration Form, Login And User Profile For WordPress", "version": {"version_data": [{"version_affected": "<", "version_name": "2.0.2", "version_value": "2.0.2"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "AyeCode Ltd"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/5c7a9473-d32e-47d6-9f8e-15b96fe758f2", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/5c7a9473-d32e-47d6-9f8e-15b96fe758f2"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:35:20.367Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/5c7a9473-d32e-47d6-9f8e-15b96fe758f2"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24654", "datePublished": "2021-10-04T11:20:17", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:35:20.367Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpeverest:user_registration:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "AEAB3ECC-5A41-4FD2-98D1-CD06128C8AE3", "versionEndExcluding": "2.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed"}, {"lang": "es", "value": "El plugin User Registration de WordPress versiones anteriores a 2.0.2 no sanea correctamente el valor user_registration_profile_pic_url cuando se env\u00eda directamente por medio de la acci\u00f3n user_registration_update_profile_details AJAX. Esto podr\u00eda permitir a cualquier usuario autenticado, como el suscriptor, llevar a cabo ataques de tipo Cross-Site Almacenados cuando es visualizado su perfil"}], "id": "CVE-2021-24654", "lastModified": "2024-11-21T05:53:29.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-04T12:15:08.870", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/5c7a9473-d32e-47d6-9f8e-15b96fe758f2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/5c7a9473-d32e-47d6-9f8e-15b96fe758f2"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "contact@wpscan.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}