.. / CVE-2021-24214

Exploit for WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting (CVE-2021-24214)

Description:

WordPress OpenID Connect Generic Client plugin 3.8.0 and 3.8.1 contains a cross-site scripting vulnerability. It does not sanitize the login error when output back in the login form, thereby not requiring authentication, which can be exploited with the default configuration.

Nuclei Template

View the template here CVE-2021-24214.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-24214.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24214
https://nvd.nist.gov/vuln/detail/CVE-2021-24214
https://github.com/ARPSyndicate/kenzer-templates
https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10

.. / CVE-2021-24214 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting (CVE-2021-24214)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-24214