CVE-2021-39341 PoC — WordPress plugin Google Maps Easy安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-39341.yaml

Associated Vulnerability

Title:WordPress plugin Google Maps Easy安全漏洞 (CVE-2021-39341)
Description:WordPress是WordPress（Wordpress）基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress 插件存在安全漏洞，该漏洞源于由于在 ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php 文件中找到的几个参数进行的输入验证和清理不足，Google Maps Easy WordPress 插件容易受到存储跨站点脚本的攻击，该文件允许具有管理用户访问权限的攻击者注入任

Description

The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.

File Snapshot


 id: CVE-2021-39341

info:
  name: OptinMonster Plugin < 2.6.5 - Unprotected REST-API
  author: iamno

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!