PT-2021-15882 · WordPress · Stock In & Out

Shreya Pohekar · Published 2021-06-14 · Updated 2021-06-21 · CVE-2021-24346

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Stock in & out WordPress plugin, versions 1.0.0 through 1.0.4.
Description: Reflected cross-site scripting (XSS) in the plugin's search functionality. The srch POST parameter is neither validated, sanitized nor escaped before it is reflected back into the page, so a crafted value is rendered as HTML/JavaScript in the browser of the user who submits the search. The search functionality is reachable by users with the Contributor role, the lowest privilege level that can access it, so no elevated account is required.
Recommendations: For Stock in & out versions 1.0.0 through 1.0.4, disable the plugin's search functionality until a patch is available, since that is the only place the unescaped srch parameter is reflected. Limit Contributor-level accounts (the lowest role that can reach the affected page) to trusted users to reduce the set of people who can trigger the issue. Do not rely on the srch parameter of the affected endpoint until the issue is resolved.
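As an added illustration (not the plugin's own code and not the vendor's patch), the PHP below shows the vulnerable pattern the description refers to beside a hardened version. The function names, the constructed payload and the fallback definitions of the WordPress helpers are assumptions made so the file runs under plain php-cli; only the srch POST parameter and the vulnerability class come from the advisory.

```php
<?php
// Added illustrative example, not code from the Stock in & out plugin.
// Function names below are hypothetical; only the `srch` POST parameter
// and the reflected-XSS class are taken from the advisory.

// Simplified stand-ins so this file runs under plain `php` outside
// WordPress. Inside WordPress the real helpers are defined and used.
if ( ! function_exists( 'wp_unslash' ) ) {
    // WordPress adds slashes to superglobals; wp_unslash() removes them.
    function wp_unslash( $value ) { return stripslashes( $value ); }
}
if ( ! function_exists( 'sanitize_text_field' ) ) {
    // Cut-down version of the core helper: strip tags, collapse whitespace.
    function sanitize_text_field( $str ) {
        $str = strip_tags( $str );
        return trim( preg_replace( '/[\r\n\t ]+/', ' ', $str ) );
    }
}
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) { return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8' ); }
}
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) { return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8' ); }
}

// Vulnerable pattern: the raw POST value is echoed into an attribute and
// into element content with no escaping. A value such as
// "><img src=x onerror=alert(1)> closes the attribute and injects markup.
function render_search_vulnerable( array $post ) {
    $srch = isset( $post['srch'] ) ? $post['srch'] : '';
    return '<input type="text" name="srch" value="' . $srch . '">'
         . '<p>Results for: ' . $srch . '</p>';
}

// Hardened pattern: unslash and sanitize on input, then escape for the
// exact output context (attribute value vs. element content) at the point
// where the value is written into the page.
function render_search_fixed( array $post ) {
    $srch = isset( $post['srch'] )
        ? sanitize_text_field( wp_unslash( $post['srch'] ) )
        : '';
    return '<input type="text" name="srch" value="' . esc_attr( $srch ) . '">'
         . '<p>Results for: ' . esc_html( $srch ) . '</p>';
}

// Constructed sample payload of the kind a reflected-XSS test submits.
$payload = '"><img src=x onerror=alert(1)>';
echo "vulnerable: ", render_search_vulnerable( array( 'srch' => $payload ) ), "\n";
echo "fixed:      ", render_search_fixed( array( 'srch' => $payload ) ), "\n";
```

Run it with `php example.php`: the vulnerable output contains a closed `value=""` followed by a live `<img onerror=...>` element, while the hardened output renders the remaining characters as `&quot;&gt;` inside the attribute and the paragraph. The control that matters is the context-specific escaping at output (esc_attr for attributes, esc_html for element content); sanitize_text_field on input is defence in depth, not a substitute, because it does not encode quotes or angle brackets that survive tag stripping.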

Tags: Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers: CVE-2021-24346

Affected Products: Stock In & Out