W3 Total Cache < 2.1.4 – Reflected XSS in Extensions Page (Attribute Context) | CVE 2021-24436

Description

The plugin was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.

Proof of Concept

https://example.com/wp-admin/admin.php?page=w3tc_extensions&extension=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E

Affects Plugins

w3-total-cache

Fixed in 2.1.4

References

CVE

CVE-2021-24436

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

9.6 (critical)

Miscellaneous

Original Researcher

renniepak

Submitter

renniepak

Submitter twitter

renniepak

Verified

Yes

WPVDB ID

05988ebb-7378-4a3a-9d2d-30f8f58fe9ef

Timeline

Publicly Published

2021-06-28 (about 2 years ago)

Added

2021-06-28 (about 2 years ago)

Last Updated

2021-08-10 (about 2 years ago)

Other

Published

Title

Published

2023-11-03

Title

Download Top 25 Social Icons <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Published

2023-11-28

Title

WP Crowdfunding < 2.1.8 - Admin+ Stored XSS

Published

2023-05-31

Title

bbPress Toolkit <= 1.0.12 - Reflected XSS

Published

2023-11-06

Title

Ziteboard Online Whiteboard < 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ziteboard Shortcode

Published

2023-11-27

Title

Happyforms < 1.25.10 - Reflected Cross-Site Scripting