S4E

CVE-2021-24522 Scanner

CVE-2021-24522 Scanner - Cross-Site Scripting (XSS) vulnerability in ProfilePress

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 10 days 23 hours
Scan only one: Domain, Subdomain, IPv4


The ProfilePress plugin is a popular WordPress plugin used for creating custom forms for user registration, login, and profile management. It's commonly deployed by WordPress administrators seeking to enhance user experience and security on their websites. ProfilePress integrates with various themes and plugins to provide a seamless user interface for login and registration functionalities. It's utilized by a wide range of websites, from blogs to e-commerce sites, to manage user profiles effectively. The plugin supports various customizations and is increasingly used by non-technically savvy administrators due to its user-friendly nature. Its broad user base includes small to medium-sized businesses that rely on WordPress for managing their online presence.

Cross-Site Scripting (XSS) is a common vulnerability that affects many web applications, including plugins such as ProfilePress. This vulnerability occurs when an application includes untrusted data in a web page without proper validation or escaping. An attacker can exploit an XSS vulnerability to inject malicious scripts into web pages viewed by other users. In the context of ProfilePress, the vulnerability is found in the tabbed login/register widget, allowing attackers to inject arbitrary JavaScript. When executed, this script can perform actions impersonating the victim or extract data accessible to them.

Technically, ProfilePress before version 3.1.11 does not properly escape the value of the tabbed-login-name parameter before reflecting it into the page, which allows reflected cross-site scripting (XSS). The vulnerable endpoint is reached via a crafted URL that carries the payload in the tabbed-login-name parameter; when the page loads, the user's browser executes the injected script. Such vulnerabilities are particularly concerning because they can be exploited without any authentication.
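As an added illustration of the defect described above (example code written for this page, not the plugin's source), the snippet below shows a hypothetical WordPress widget callback that reflects the tabbed-login-name query parameter into a login form unescaped, next to the hardened version that applies the WordPress escaping helpers. The function names render_login_field_vulnerable/render_login_field_fixed, the form markup and the probe string are assumptions; esc_attr(), sanitize_text_field() and wp_unslash() are real WordPress functions, and minimal stand-ins are defined only so the file also runs under plain PHP.

```php
<?php
// Added example (not ProfilePress code): a hypothetical widget callback that
// reads the 'tabbed-login-name' query parameter named on the page and prints
// it into a login form, first the unsafe way, then escaped as WordPress
// coding standards require.

// Stand-ins so this file also runs outside WordPress (php example.php).
// Inside WordPress the real functions already exist and these are skipped.
if (!function_exists('esc_attr')) {
    function esc_attr(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field(string $text): string {
        // Rough stand-in: strip tags, drop control characters, trim.
        return trim(preg_replace('/[\x00-\x1F\x7F]/', '', strip_tags($text)));
    }
}
if (!function_exists('wp_unslash')) {
    function wp_unslash(string $text): string {
        return stripslashes($text);
    }
}

// Vulnerable pattern: the raw query value lands inside an HTML attribute.
// A value containing a double quote closes the attribute, and everything
// after it is parsed as markup; that is the reflected XSS the page describes.
function render_login_field_vulnerable(array $query): string {
    $name = $query['tabbed-login-name'] ?? '';
    return '<input type="text" name="log" value="' . $name . '">';
}

// Hardened pattern: unslash and sanitize on input, escape on output for the
// attribute context. esc_attr() is the step that prevents the breakout;
// sanitize_text_field() alone does not encode quotes.
function render_login_field_fixed(array $query): string {
    $raw  = $query['tabbed-login-name'] ?? '';
    $name = sanitize_text_field(wp_unslash($raw));
    return '<input type="text" name="log" value="' . esc_attr($name) . '">';
}

// Constructed probe value (not taken from the page): it closes the value
// attribute and adds a harmless tag, enough to show the difference.
$query = ['tabbed-login-name' => 'alice"><em>x</em>'];

echo 'Vulnerable: ' . render_login_field_vulnerable($query) . PHP_EOL;
echo 'Fixed:      ' . render_login_field_fixed($query) . PHP_EOL;
```

In the vulnerable output the probe's quote terminates the value attribute and the em tag becomes live markup; in the fixed output the quote and angle bracket are rendered as HTML entities inside the attribute, so the browser treats the whole value as text. The escaping must happen at the point of output and must match the context (esc_attr for attributes, esc_html for element content); sanitizing on input is a useful second layer but is not a substitute.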

Exploiting this vulnerability allows attackers to execute arbitrary JavaScript code in the context of a user's browser session. This can lead to several significant consequences, such as session hijacking, redirecting users to malicious websites, or unauthorized actions within trusted websites. Additionally, it may enable the attacker to retrieve sensitive user data, such as session tokens or personal information, ultimately undermining user trust and site integrity. The risk is amplified on sites with high traffic and could lead to a broader impact across multiple users' sessions.
