CVE-2021-36845 Information
Description
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8. There are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8.
Vulnerable parameters:
1 - "Newsletter" tab, &yith_maintenance_newsletter_submit_label parameter: the payload should start with a single quote (') symbol to break the context, i.e.: NOTIFY ME' autofocus onfocus=alert(/Visse/);// v=' - this payload is triggered automatically when an admin visits this page/tab.
2 - "General" tab vulnerable parameters: &yith_maintenance_message &yith_maintenance_custom_style &yith_maintenance_mascotte &yith_maintenance_title_font[size] &yith_maintenance_title_font[family] &yith_maintenance_title_font[color] &yith_maintenance_paragraph_font[size] &yith_maintenance_paragraph_font[family] &yith_maintenance_paragraph_font[color] &yith_maintenance_border_top.
3 - "Background" tab vulnerable parameters: &yith_maintenance_background_image &yith_maintenance_background_color.
4 - "Logo" tab vulnerable parameters: &yith_maintenance_logo_image &yith_maintenance_logo_tagline &yith_maintenance_logo_tagline_font[size] &yith_maintenance_logo_tagline_font[family] &yith_maintenance_logo_tagline_font[color].
5 - "Newsletter" tab vulnerable parameters: &yith_maintenance_newsletter_email_font[size] &yith_maintenance_newsletter_email_font[family] &yith_maintenance_newsletter_email_font[color] &yith_maintenance_newsletter_submit_font[size] &yith_maintenance_newsletter_submit_font[family] &yith_maintenance_newsletter_submit_font[color] &yith_maintenance_newsletter_submit_background &yith_maintenance_newsletter_submit_background_hover &yith_maintenance_newsletter_title &yith_maintenance_newsletter_action &yith_maintenance_newsletter_email_label &yith_maintenance_newsletter_email_name &yith_maintenance_newsletter_submit_label &yith_maintenance_newsletter_hidden_fields.
6 - "Socials" tab vulnerable parameters: &yith_maintenance_socials_facebook &yith_maintenance_socials_twitter &yith_maintenance_socials_gplus &yith_maintenance_socials_youtube &yith_maintenance_socials_rss &yith_maintenance_socials_skype &yith_maintenance_socials_email &yith_maintenance_socials_behance &yith_maintenance_socials_dribble &yith_maintenance_socials_flickr &yith_maintenance_socials_instagram &yith_maintenance_socials_pinterest &yith_maintenance_socials_tumblr &yith_maintenance_socials_linkedin.
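The attribute-context break described for the Newsletter tab, shown as an added example (not the plugin's code and not part of the advisory): a stored label is rendered into a single-quoted attribute with and without output encoding, and any attribute the template never declared is reported. The template markup and all function names are assumptions, since the plugin's markup is not shown here; html.escape(quote=True) stands in for WordPress's esc_attr().

```python
from html import escape
from html.parser import HTMLParser

# Label value quoted in the advisory text, written with straight quotes.
ADVISORY_LABEL = "NOTIFY ME' autofocus onfocus=alert(/Visse/);// v='"

# Hypothetical template: the plugin's real markup is not shown on the page.
TEMPLATE = "<input type='submit' name='subscribe' value='{label}'>"
EXPECTED_ATTRS = {"type", "name", "value"}


def render_unescaped(label):
    """Pre-fix behaviour: the stored option value is echoed verbatim."""
    return TEMPLATE.format(label=label)


def render_escaped(label):
    """Hardened: encode & < > " ' before placing the value in an attribute."""
    return TEMPLATE.format(label=escape(label, quote=True))


class _InputAttrs(HTMLParser):
    """Collects the attributes of the <input> start tag as a parser sees them."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)


def parsed_attrs(markup):
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def injected_attrs(markup):
    """Attribute names the template never declared (sign of a context break)."""
    return sorted(set(parsed_attrs(markup)) - EXPECTED_ATTRS)


if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        print(render.__name__, injected_attrs(render(ADVISORY_LABEL)))
```

The same check can serve as a regression test for each of the listed parameters: after saving a value containing a quote, the rendered settings page should parse to exactly the attributes the template declares.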
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Reference
https://patchstack.com/database/vulnerability/yith-maintenance-mode/wordpress-yith-maintenance-mode-plugin-1-3-8-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities
https://wordpress.org/plugins/yith-maintenance-mode/#developers
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
4.8
Base Severity
MEDIUM