Support Crack-Vault and help us keep providing free tools. Every donation counts! (BTC) Address: bc1qhhva8uplmkaa3kkwxnux9t3y6l6kmhnwqzktzn

[Urgent] Unauthenticated Stored XSS in Newsmag Plugin

Nagasaki

[Urgent] Unauthenticated Stored XSS in Newsmag Plugin (<5.0) ** CVE-2021-24304 **

📌 Vulnerability Details:

CVE ID: CVE-2021-24304
Plugin: Newsmag (TagDiv)
Versions Affected: All versions before 5.0
Vulnerability Type: Stored Cross-Site Scripting (XSS)
CVSS Score: 8.8 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

🔍 Technical Analysis:
The vulnerability exists in the td_ajax_block AJAX handler, where the td_block_id parameter fails to sanitize user input. Attackers can inject malicious JavaScript payloads that execute when WordPress administrators view affected pages.

📜 Proof of Concept:

http
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: vulnerable-site.com
[...]
Content-Type: application/x-www-form-urlencoded

action=td_ajax_block&td_block_id="><svg/onload=alert('XSS')>&[...]

🎯 Attack Scenario:

Attacker sends crafted request to admin-ajax.php
Malicious payload stores in database
Payload executes when admin views plugin pages
Full admin compromise possible

🛡️ Recommended Actions:

Immediate Update: Upgrade to Newsmag 5.0+
Temporary Fix: Add input sanitization for td_block_id
Monitoring: Check logs for suspicious POST requests to admin-ajax.php
Security Layers:
- Implement Content Security Policy (CSP)
- Add WAF rules to block XSS patterns

🔗 References:

Official CVE Record
WordPress Plugin Directory

💬 Discussion Points:

Has anyone observed active exploitation?
Alternative mitigation strategies?

#WordPressSecurity #WebAppSec #VulnerabilityManagement

📱

Download Now—Top Software, No Cost!