cnvd - cnvd-2021-28760

cnvd-2021-28760

Vulnerability from cnvd

Title: Patreon WordPress跨站脚本漏洞（CNVD-2021-28760）

Description:

Patreon是一个以订阅为基础的众筹平台，Patreon WordPress是该平台的WordPress插件。

Patreon WordPress 1.7.2之前版本存在跨站脚本漏洞。攻击者可通过patreon_save_attachment_patreon_level AJAX操作利用该漏洞进行跨站脚本攻击。

Severity: 中

Patch Name: Patreon WordPress跨站脚本漏洞（CNVD-2021-28760）的补丁

Patch Description:

Patreon是一个以订阅为基础的众筹平台，Patreon WordPress是该平台的WordPress插件。

Patreon WordPress 1.7.2之前版本存在跨站脚本漏洞。攻击者可通过patreon_save_attachment_patreon_level AJAX操作利用该漏洞进行跨站脚本攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://wordpress.org/plugins/patreon-connect/

Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24229

Impacted products

Name
WordPress Patreon WordPress <1.7.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-24229",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-24229"
    }
  },
  "description": "Patreon\u662f\u4e00\u4e2a\u4ee5\u8ba2\u9605\u4e3a\u57fa\u7840\u7684\u4f17\u7b79\u5e73\u53f0\uff0cPatreon WordPress\u662f\u8be5\u5e73\u53f0\u7684WordPress\u63d2\u4ef6\u3002\n\nPatreon WordPress 1.7.2\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7patreon_save_attachment_patreon_level AJAX\u64cd\u4f5c\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u8de8\u7ad9\u811a\u672c\u653b\u51fb\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://wordpress.org/plugins/patreon-connect/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-28760",
  "openTime": "2021-04-16",
  "patchDescription": "Patreon\u662f\u4e00\u4e2a\u4ee5\u8ba2\u9605\u4e3a\u57fa\u7840\u7684\u4f17\u7b79\u5e73\u53f0\uff0cPatreon WordPress\u662f\u8be5\u5e73\u53f0\u7684WordPress\u63d2\u4ef6\u3002\r\n\r\nPatreon WordPress 1.7.2\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7patreon_save_attachment_patreon_level AJAX\u64cd\u4f5c\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u8de8\u7ad9\u811a\u672c\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Patreon WordPress\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-28760\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "WordPress Patreon WordPress \u003c1.7.2"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-24229",
  "serverity": "\u4e2d",
  "submitTime": "2021-04-13",
  "title": "Patreon WordPress\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-28760\uff09"
}

CVE-2021-24229 (GCVE-0-2021-24229)

Vulnerability from cvelistv5

Published

2021-04-12 14:05

Modified

2024-08-03 19:21

Severity ?

CWE

CWE-79 - Cross-site Scripting (XSS)

Summary

The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is accessible for user accounts with the ‘manage_options’ privilege (i.e.., only administrators). Unfortunately, one of the parameters used in this AJAX endpoint is not sanitized before being printed back to the user, so the risk it represents is the same as the previous XSS vulnerability.

References

▼	URL	Tags
	https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/	x_refsource_MISC
	https://wpscan.com/vulnerability/001755c4-add3-4566-a022-ab1f83546c1f	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Unknown	Patreon WordPress	Version: 1.7.2 < 1.7.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.861Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/001755c4-add3-4566-a022-ab1f83546c1f"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Patreon WordPress",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "1.7.2",
              "status": "affected",
              "version": "1.7.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "George Stephanis, Fioravante Souza, Miguel Neto, Benedict Singer and Marc Montpas"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is accessible for user accounts with the \u2018manage_options\u2019 privilege (i.e.., only administrators). Unfortunately, one of the parameters used in this AJAX endpoint is not sanitized before being printed back to the user, so the risk it represents is the same as the previous XSS vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-12T14:05:46",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/001755c4-add3-4566-a022-ab1f83546c1f"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Patreon WordPress \u003c 1.7.2 - Reflected XSS on patreon_save_attachment_patreon_level AJAX action",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24229",
          "STATE": "PUBLIC",
          "TITLE": "Patreon WordPress \u003c 1.7.2 - Reflected XSS on patreon_save_attachment_patreon_level AJAX action"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Patreon WordPress",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "1.7.2",
                            "version_value": "1.7.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "George Stephanis, Fioravante Souza, Miguel Neto, Benedict Singer and Marc Montpas"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is accessible for user accounts with the \u2018manage_options\u2019 privilege (i.e.., only administrators). Unfortunately, one of the parameters used in this AJAX endpoint is not sanitized before being printed back to the user, so the risk it represents is the same as the previous XSS vulnerability."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/",
              "refsource": "MISC",
              "url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/"
            },
            {
              "name": "https://wpscan.com/vulnerability/001755c4-add3-4566-a022-ab1f83546c1f",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/001755c4-add3-4566-a022-ab1f83546c1f"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24229",
    "datePublished": "2021-04-12T14:05:46",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:21:18.861Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted