vendor:
Select All Categories and Taxonomies Change Checkbox to Radio Buttons
by:
0xB9
6,1
CVSS
MEDIUM
Reflected Cross-Site Scripting (XSS)
79
CWE
Product Name: Select All Categories and Taxonomies Change Checkbox to Radio Buttons
Affected Version From: 1.3.1
Affected Version To: 1.3.1
Patch Exists: YES
Related CWE: CVE-2021-24287
CPE: 2.3:a:wordpress:select_all_categories_and_taxonomies_change_checkbox_to_radio_buttons:1.3.1
Metasploit:
N/A
Other Scripts:
N/A
Tags: wp,select-all-categories,taxonomies-change-checkbox-to-radio-buttons,authenticated,wpscan,cve2021,xss,wp-plugin,cve,wordpress,edb
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Nuclei Metadata: {'max-request': 2, 'verified': True, 'framework': 'wordpress', 'vendor': 'mooveagency', 'product': 'select_all_categories_and_taxonomies\\,_change_checkbox_to_radio_buttons'}
Platforms Tested: Windows 10
2021
WordPress Plugin Select All Categories and Taxonomies 1.3.1 – Reflected Cross-Site Scripting (XSS)
WordPress Select All Categories and Taxonomies plugin before 1.3.2 contains a cross-site scripting vulnerability. The settings page of the plugin does not properly sanitize the tab parameter before outputting it back. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Mitigation:
Input validation should be used to prevent XSS attacks.
