.. / CVE-2021-24316

Exploit for WordPress Mediumish Theme <=1.0.47 - Cross-Site Scripting (CVE-2021-24316)

Description:

WordPress Mediumish theme 1.0.47 and prior contains an unauthenticated reflected cross-site scripting vulnerability. The ‘s’ GET parameter is not properly sanitized by the search feature before it is output back on the page.

Nuclei Template

View the template here CVE-2021-24316.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-24316.yaml

References:

https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e
https://nvd.nist.gov/vuln/detail/CVE-2021-24316
https://github.com/ZephrFish/AutoHoneyPoC
https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt
https://www.wowthemes.net/themes/mediumish-wordpress/

.. / CVE-2021-24316 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress Mediumish Theme <=1.0.47 - Cross-Site Scripting (CVE-2021-24316)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-24316