CVE-2021-24287

Опубликовано: 14 мая 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue

Ссылки

http://packetstormsecurity.com/files/164327/WordPress-Select-All-Categories-And-Taxonomies-1.3.1-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/164327/WordPress-Select-All-Categories-And-Taxonomies-1.3.1-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mooveagency:select_all_categories_and_taxonomies\,_change_checkbox_to_radio_buttons:*:*:*:*:*:wordpress:*:*

Версия до 1.3.2 (исключая)

EPSS

Процентиль: 97%

0.33301

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-w48f-hvm9-m282

github

больше 3 лет назад