WordPress Plugin Vulnerabilities

W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)

Description

The plugin was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.

Proof of Concept

With the 'Anonymously track usage to improve product quality' settings (in the plugin General Settings) turned on, open the URL below

https://example.com/wp-admin/admin.php?page=w3tc_extensions&extension=%27-alert%28document.domain%29-%27

Affects Plugins

Plugin icon
w3-total-cache
Fixed in 2.1.5

References

CVE
CVE-2021-24452

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.2 (high)

Miscellaneous

Original Researcher
renniepak
Submitter
renniepak
Submitter twitter
renniepak
Verified
Yes
WPVDB ID
3e855e09-056f-45b5-89a9-d644b7d8c9d0

Timeline

Publicly Published
2021-06-28 (about 2 years ago)
Added
2021-06-28 (about 2 years ago)
Last Updated
2022-01-02 (about 2 years ago)

Other

Published
Title
Published
2023-07-10
Title
Grid Kit Premium < 2.2.0 - Multiple Reflected Cross-Site Scripting
Published
2023-04-24
Title
Progress Bar < 2.2.2 - Contributor+ Stored XSS
Published
2023-10-27
Title
Popup Box < 3.7.9 - Admin+ Stored XSS
Published
2023-03-20
Title
Simple Giveaways < 2.45.1 - Editor+ Stored Cross-Site Scripting
Published
2023-07-18
Title
ARMember (free and premium) - Admin+ Stored Cross-Site Scripting