Shield Security < 20.0.6 – Reflected XSS | CVE 2024-7313 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Proof of Concept

To exploit the vulnerability, go to the Shield Security plugin tab. The result will be the path /wp-admin/admin.php with a page and the vulnerable nav_sub parameter for the XSS vulnerability. This request also does not have a nonce to prevent CSRF, and thus a combined vulnerability can be implemented

Affects Plugins

wp-simple-firewall

Fixed in 20.0.6

References

CVE

URL

https://research.cleantalk.org/CVE-2024-7313/

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Krugov Artyom

Submitter

Krugov Aryom

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

83a1bdc6-098e-43d5-89e5-f4202ecd78a1

Timeline

Publicly Published

2024-08-05 (about 1 year ago)

Added

2024-08-05 (about 1 year ago)

Last Updated

2024-08-05 (about 1 year ago)

Other

Published

Title

Published

2014-12-18

Title

Twimp WP <= 0.1 - Multiple CSRF

Published

2023-11-28

Title

Prevent Landscape Rotation < 2.1 - Settings Update via CSRF

Published

2024-11-22

Title

WP-Orphanage Extended < 1.3 - Cross-Site Request Forgery to Orphan Account Privilege Escalation

Published

2017-03-01

Title

Global Content Blocks - Cross-Site Request Forgery (CSRF)

Published

2025-03-11

Title

Back To Top <= 2.0 - Cross-Site Request Forgery