CVE-2021-24333

Public Exploit

Content Copy Protection & Prevent Image Save <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)

Description

The Content Copy Protection & Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them.

References

Link	Tags
https://wpscan.com/vulnerability/c722f8d0-f86b-41c2-9f1f-48e475e22864	third party advisory exploit
https://m0ze.ru/exploit/csrf-prevent-content-copy-image-save-v1.3.html	third party advisory exploit
https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt
https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt

Frequently Asked Questions

What is the severity of CVE-2021-24333?: CVE-2021-24333 has been scored as a medium severity vulnerability.
How to fix CVE-2021-24333?: To fix CVE-2021-24333, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-24333 being actively exploited in the wild?: It is possible that CVE-2021-24333 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-24333?: CVE-2021-24333 affects Unknown Content Copy Protection & Prevent Image Save.

Description

Categories

CWE-352 – Cross-Site Request Forgery (CSRF)

CWE-79 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

References

Frequently Asked Questions