TROYANOSYVIRUS
Volver a CVEs

CVE-2021-24410

MEDIUM
6.1

Descripcion

The తెలుగు బైబిల్ వచనములు WordPress plugin through 1.0 is lacking any CSRF check when saving its settings and verses, and do not sanitise or escape them when outputting them back in the page. This could allow attackers to make a logged in admin change the settings, as well as add malicious verses containing JavaScript code in them, leading to Stored XSS issues

Detalles CVE

Puntuacion CVSS v3.16.1
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado8/16/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0

Productos afectados

telugu_bible_verse_daily_project:telugu_bible_verse_daily

Debilidades (CWE)

CWE-79CWE-352CWE-352

Referencias

https://wpscan.com/vulnerability/b47ea36e-f37c-4745-b750-31f5b91f543f(contact@wpscan.com)
https://wpscan.com/vulnerability/b47ea36e-f37c-4745-b750-31f5b91f543f(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.