Overview
The Pods WordPress plugin, versions 2.4.4.1 through 2.7.26, is vulnerable to stored cross-site scripting (XSS): the value submitted in the `Singular Label` field is neither validated on input nor escaped on output. An authenticated attacker who can reach the Pods Admin screen can store a script payload in that field, and the script executes in the browser of any user who later views the page where the label is rendered.
Details
The WordPress `Pods - Custom Content Types and Fields` plugin is affected by a stored cross-site scripting vulnerability because it does not properly validate or escape the `Singular Label` field value before rendering it in the web page. The label is saved as part of the pod definition, so the injected script persists and runs every time the page that renders it is loaded, not only at submission time. Creating a pod requires access to the Pods Admin menu, so the attacker must already hold an account with that access; the impact is that such a user can run script in the sessions of every other user who views the affected page.
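The following PHP is an added illustration of the flaw class described above; it is not code from the Pods plugin, and the `$pod` array, the `render_row_*` and `sanitize_label` functions are assumptions made up for the example rather than the plugin's own storage or rendering code. It shows a stored label echoed into admin HTML without escaping, beside the hardened form that escapes at the output sink with the WordPress helpers (stubbed with `htmlspecialchars()` so the file runs from the PHP CLI outside WordPress).

```php
<?php
// Added example, not Pods plugin code. The WordPress escaping helpers are
// defined with htmlspecialchars() fallbacks when WordPress is not loaded,
// so this file can be run directly: php xss_label_example.php

if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    }
}

// Constructed sample of a stored pod definition. This array layout is an
// assumption for the example; it is not the plugin's real schema.
$pod = [
    'name'           => 'book',
    'label'          => 'Books',
    'label_singular' => '<script>alert(1234)</script>',   // the advisory's payload
];

// Vulnerable pattern: the stored singular label is concatenated into the page
// as raw markup, so the <script> tag runs for whoever views this row.
function render_row_vulnerable(array $pod): string {
    return '<tr>'
         . '<td>' . $pod['name'] . '</td>'
         . '<td>' . $pod['label'] . '</td>'
         . '<td>' . $pod['label_singular'] . '</td>'
         . '<td><input type="text" name="label_singular" value="' . $pod['label_singular'] . '"></td>'
         . '</tr>';
}

// Hardened pattern: escape at the point of output, choosing the helper for the
// context (esc_html for element text, esc_attr inside an attribute value).
function render_row_hardened(array $pod): string {
    return '<tr>'
         . '<td>' . esc_html($pod['name']) . '</td>'
         . '<td>' . esc_html($pod['label']) . '</td>'
         . '<td>' . esc_html($pod['label_singular']) . '</td>'
         . '<td><input type="text" name="label_singular" value="' . esc_attr($pod['label_singular']) . '"></td>'
         . '</tr>';
}

// Defence in depth on the way in: a label is plain text, so strip tags when it
// is saved (sanitize_text_field() in WordPress, strip_tags() as a fallback).
// Output escaping stays mandatory regardless, because a value already stored
// by an older version, or written through another code path, bypasses this.
function sanitize_label(string $label): string {
    if (function_exists('sanitize_text_field')) {
        return sanitize_text_field($label);
    }
    return trim(strip_tags($label));
}

if (PHP_SAPI === 'cli') {
    echo "vulnerable:\n", render_row_vulnerable($pod), "\n\n";
    echo "hardened:\n", render_row_hardened($pod), "\n\n";
    echo "sanitized on save: ", var_export(sanitize_label($pod['label_singular']), true), "\n";
}
```

In the vulnerable output the `<script>` element appears verbatim and a browser executes it; in the hardened output the angle brackets and quotes become entities, so the same stored value is displayed as literal text and cannot break out of either the cell or the `value` attribute.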
PoC Details
On a WordPress site with the `Pods` plugin installed and activated, a `Pods Admin` entry appears in the left-hand admin menu. Open it, then click `Add New` -> `Create New`. Select `Custom Post Type` as the `Content Type` from the drop-down menu, place the payload below in the `Singular Label` text field, and fill in the remaining fields. Click `Next Step`: the payload executes and an alert box appears. Because the label is stored with the pod definition, the script runs again whenever the Pods page is opened, for any user who views it.
PoC Code
<script>alert(1234)</script>
Affected Environments
Pods versions 2.4.4.1 through 2.7.26 (inclusive)
Prevention
Upgrade Pods to version 2.7.27 or later, either from Plugins -> Installed Plugins in the dashboard or with WP-CLI (`wp plugin update pods`). Until the upgrade is applied, limit access to the Pods Admin screen to fully trusted accounts, since a payload placed in the `Singular Label` field is stored and re-executes for every user who views the page.