exploitDog

CVE-2021-24481

Опубликовано: 02 авг. 2021

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

The Any Hostname WordPress plugin through 1.0.6 does not sanitise or escape its "Allowed hosts" setting, leading to an authenticated stored XSS issue as high privilege users are able to set XSS payloads in it

Ссылки

https://wpscan.com/vulnerability/a4c352de-9815-4dfe-ac51-65b5bfb37438
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/a4c352de-9815-4dfe-ac51-65b5bfb37438
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:any_hostname_project:any_hostname:*:*:*:*:*:wordpress:*:*

Версия до 1.0.6 (включая)

EPSS

Процентиль: 61%

0.0042

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-3xf9-4gwf-w55x

github

больше 3 лет назад

The Any Hostname WordPress plugin through 1.0.6 does not sanitise or escape its "Allowed hosts" setting, leading to an authenticated stored XSS issue as high privilege users are able to set XSS payloads in it

EPSS

Процентиль: 61%

0.0042

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79