CVE-2021-24159 - OpenCVE

Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Rocklobster	Contact Form 7

Configuration 1 [-]

cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://wpscan.com/vulnerability/363182f1-9fda-4363-8f6a-be37c4c07aa9	Third Party Advisory
https://www.wordfence.com/blog/2021/02/unpatched-vulnerability-50000-wp-sites-must-find-alternative-for-contact-form-7-style/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2021-04-05T18:27:43

Updated: 2021-04-05T18:27:43

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24159

JSON object: View

NVD Information

Status : Modified

Published: 2021-04-05T19:15:15.047

Modified: 2023-11-07T03:31:06.873

Link: CVE-2021-24159

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"containers": {"cna": {"affected": [{"product": "Contact Form 7 Style", "vendor": "Unknown", "versions": [{"lessThanOrEqual": "3.1.9", "status": "affected", "version": "3.1.9", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Chloe Chamberland"}], "descriptions": [{"lang": "en", "value": "Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site\u2019s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-05T18:27:43", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://wpscan.com/vulnerability/363182f1-9fda-4363-8f6a-be37c4c07aa9"}, {"tags": ["x_refsource_MISC"], "url": "https://www.wordfence.com/blog/2021/02/unpatched-vulnerability-50000-wp-sites-must-find-alternative-for-contact-form-7-style/"}], "source": {"discovery": "UNKNOWN"}, "title": "Contact Form 7 Style <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24159", "STATE": "PUBLIC", "TITLE": "Contact Form 7 Style <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Contact Form 7 Style", "version": {"version_data": [{"version_affected": "<=", "version_name": "3.1.9", "version_value": "3.1.9"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Chloe Chamberland"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site\u2019s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/363182f1-9fda-4363-8f6a-be37c4c07aa9", "refsource": "CONFIRM", "url": "https://wpscan.com/vulnerability/363182f1-9fda-4363-8f6a-be37c4c07aa9"}, {"name": "https://www.wordfence.com/blog/2021/02/unpatched-vulnerability-50000-wp-sites-must-find-alternative-for-contact-form-7-style/", "refsource": "MISC", "url": "https://www.wordfence.com/blog/2021/02/unpatched-vulnerability-50000-wp-sites-must-find-alternative-for-contact-form-7-style/"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24159", "datePublished": "2021-04-05T18:27:43", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2021-04-05T18:27:43", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "91CBDF13-18DC-4BAE-A5B2-C60DECC2C62A", "versionEndIncluding": "3.1.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site\u2019s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript."}, {"lang": "es", "value": "Debido a la falta de saneamiento y una falta de protecci\u00f3n nonce en la funcionalidad CSS personalizada, un atacante podr\u00eda dise\u00f1ar una petici\u00f3n para inyectar JavaScript malicioso en un sitio usando el plugin de WordPress Contact Form 7 Style versiones hasta 3.1.9. Si un atacante enga\u00f1aba con \u00e9xito al administrador de un sitio para que hiciera clic en un enlace o archivo adjunto, la petici\u00f3n podr\u00eda ser enviada y la configuraci\u00f3n de CSS se actualizar\u00eda con \u00e9xito para incluir JavaScript malicioso"}], "id": "CVE-2021-24159", "lastModified": "2023-11-07T03:31:06.873", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-05T19:15:15.047", "references": [{"source": "contact@wpscan.com", "tags": ["Third Party Advisory"], "url": "https://wpscan.com/vulnerability/363182f1-9fda-4363-8f6a-be37c4c07aa9"}, {"source": "contact@wpscan.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/blog/2021/02/unpatched-vulnerability-50000-wp-sites-must-find-alternative-for-contact-form-7-style/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "contact@wpscan.com", "type": "Secondary"}]}