CVE-2021-24443 (GCVE-0-2021-24443)

Vulnerability from cvelistv5 – Published: 2021-08-02 10:31 – Updated: 2024-08-03 19:28
VLAI?
Title
Youzify < 1.0.7 - Stored Cross-Site Scripting via Biography
Summary
The About Me widget of the Youzify – BuddyPress Community, User Profile, Social Network & Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, which will be executed when viewing the affected user profile. This could allow a low privilege user to gain unauthorised access to the admin side of the blog by targeting an admin, inducing them to view their profile with a malicious payload adding a rogue account for example.
Severity ?
No CVSS data available.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
Vendor Product Version
Unknown Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress Affected: 1.0.7 , < 1.0.7 (custom)
Create a notification for this product.
Credits
Phu Tran from techlabcorp.com
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:28:23.962Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Youzify \u2013 BuddyPress Community, User Profile, Social Network \u0026 Membership Plugin for WordPress",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "1.0.7",
              "status": "affected",
              "version": "1.0.7",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Phu Tran from techlabcorp.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The About Me widget of the Youzify \u2013 BuddyPress Community, User Profile, Social Network \u0026 Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, which will be executed when viewing the affected user profile. This could allow a low privilege user to gain unauthorised access to the admin side of the blog by targeting an admin, inducing them to view their profile with a malicious payload adding a rogue account for example."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-02T10:31:57",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Youzify \u003c 1.0.7 - Stored Cross-Site Scripting via Biography",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24443",
          "STATE": "PUBLIC",
          "TITLE": "Youzify \u003c 1.0.7 - Stored Cross-Site Scripting via Biography"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Youzify \u2013 BuddyPress Community, User Profile, Social Network \u0026 Membership Plugin for WordPress",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "1.0.7",
                            "version_value": "1.0.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Phu Tran from techlabcorp.com"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The About Me widget of the Youzify \u2013 BuddyPress Community, User Profile, Social Network \u0026 Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, which will be executed when viewing the affected user profile. This could allow a low privilege user to gain unauthorised access to the admin side of the blog by targeting an admin, inducing them to view their profile with a malicious payload adding a rogue account for example."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24443",
    "datePublished": "2021-08-02T10:31:57",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:28:23.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kainelabs:youzify:*:*:*:*:*:wordpress:*:*\", \"versionEndExcluding\": \"1.0.7\", \"matchCriteriaId\": \"C214289F-A92D-4976-B7FD-3B4D2E94FC72\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The About Me widget of the Youzify \\u2013 BuddyPress Community, User Profile, Social Network \u0026 Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, which will be executed when viewing the affected user profile. This could allow a low privilege user to gain unauthorised access to the admin side of the blog by targeting an admin, inducing them to view their profile with a malicious payload adding a rogue account for example.\"}, {\"lang\": \"es\", \"value\": \"Los plugins About Me widget of the Youzify \\u00e2\\u20ac\\u201c BuddyPress Community, User Profile, Social Network \u0026amp; Membership de Wordpress versiones anteriores a 1.0.7, no sanea apropiadamente su campo Biography, permitiendo a cualquier usuario autenticado ajustar cargas \\u00fatiles de tipo Cross-Site Scripting en \\u00e9l, que se ejecutar\\u00e1n cuando se visualice el perfil del usuario afectado. Esto podr\\u00eda permitir a un usuario con pocos privilegios obtener acceso no autorizado a la parte de administraci\\u00f3n del blog apuntando a un administrador, induci\\u00e9ndole a ver su perfil con una carga \\u00fatil maliciosa a\\u00f1adiendo una cuenta falsa, por ejemplo\"}]",
      "id": "CVE-2021-24443",
      "lastModified": "2024-11-21T05:53:05.063",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2021-08-02T11:15:08.960",
      "references": "[{\"url\": \"https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34\", \"source\": \"contact@wpscan.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "contact@wpscan.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"contact@wpscan.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-24443\",\"sourceIdentifier\":\"contact@wpscan.com\",\"published\":\"2021-08-02T11:15:08.960\",\"lastModified\":\"2024-11-21T05:53:05.063\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The About Me widget of the Youzify \u2013 BuddyPress Community, User Profile, Social Network \u0026 Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, which will be executed when viewing the affected user profile. This could allow a low privilege user to gain unauthorised access to the admin side of the blog by targeting an admin, inducing them to view their profile with a malicious payload adding a rogue account for example.\"},{\"lang\":\"es\",\"value\":\"Los plugins About Me widget of the Youzify \u00e2\u20ac\u201c BuddyPress Community, User Profile, Social Network \u0026amp; Membership de Wordpress versiones anteriores a 1.0.7, no sanea apropiadamente su campo Biography, permitiendo a cualquier usuario autenticado ajustar cargas \u00fatiles de tipo Cross-Site Scripting en \u00e9l, que se ejecutar\u00e1n cuando se visualice el perfil del usuario afectado. Esto podr\u00eda permitir a un usuario con pocos privilegios obtener acceso no autorizado a la parte de administraci\u00f3n del blog apuntando a un administrador, induci\u00e9ndole a ver su perfil con una carga \u00fatil maliciosa a\u00f1adiendo una cuenta falsa, por ejemplo\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"contact@wpscan.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kainelabs:youzify:*:*:*:*:*:wordpress:*:*\",\"versionEndExcluding\":\"1.0.7\",\"matchCriteriaId\":\"C214289F-A92D-4976-B7FD-3B4D2E94FC72\"}]}]}],\"references\":[{\"url\":\"https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34\",\"source\":\"contact@wpscan.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.