Exploit for WordPress Simple Giveaways <2.36.2 - Cross-Site Scripting (CVE-2021-24298)

Description:

WordPress Simple Giveaways plugin before 2.36.2 contains a cross-site scripting vulnerability via the method and share GET parameters of the Giveaway pages, which are not sanitized, validated, or escaped before being output back in the pages.

Nuclei Template

View the template here: CVE-2021-24298.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-24298.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://wpscan.com/vulnerability/30aebded-3eb3-4dda-90b5-12de5e622c91
https://codevigilant.com/disclosure/2021/wp-plugin-giveasap-xss/
https://nvd.nist.gov/vuln/detail/CVE-2021-24298
https://github.com/ARPSyndicate/kenzer-templates