WordPress Plugin Vulnerabilities

Stylish Cost Calculator < 7.0.4 - Subscriber+ Unauthorised AJAX Calls to Stored XSS

Description

The plugin does not have any authorisation and CSRF checks on some of its AJAX actions (available to authenticated users), which could allow any authenticated users, such as subscriber to call them, and perform Stored Cross-Site Scripting attacks against logged in admin, as well as frontend users due to the lack of sanitisation and escaping in some parameters

Proof of Concept

Affects Plugins

Plugin icon
stylish-cost-calculator
Fixed in 7.0.4

References

CVE
CVE-2021-24822

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
8.0 (high)

Miscellaneous

Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
WPVDB ID
db84a782-d4c8-4abf-99ea-ea672a9b806e

Timeline

Publicly Published
2021-11-01 (about 4 years ago)
Added
2021-11-01 (about 4 years ago)
Last Updated
2022-04-09 (about 3 years ago)

Other

Published
Title
Published
2021-06-30
Title
Title Field Validation <= 1.1 - Unauthorised AJAX Calls
Published
2021-10-05
Title
Simple Download Monitor < 3.9.6 - Arbitrary Thumbnails Removal
Published
2024-05-01
Title
Contact Form by WPForms – Drag & Drop Form Builder for WordPress < 1.8.8.2 - Unauthenticated Price Manipulation
Published
2024-02-06
Title
AMP for WP < 1.0.93.2 - Authenticated(Contributor+) Arbitrary Post Deletion via amppb_remove_saved_layout_data
Published
2024-04-29
Title
Subway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API