← Volver a CVEs
CVE-2021-24545
MEDIUM5.4
Descripcion
The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visit a post in the frontend made by such user. As a result, user with a role as low as author could perform Cross-Site Scripting attacks against users, which could potentially lead to privilege escalation when an admin view the related post/s.
Detalles CVE
Puntuacion CVSS v3.15.4
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado10/11/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
wp_html_author_bio_project:wp_html_author_bio
Debilidades (CWE)
CWE-79
Referencias
https://wpscan.com/vulnerability/64267134-9d8c-4e0c-b24f-d18692a5775e(contact@wpscan.com)
https://wpscan.com/vulnerability/64267134-9d8c-4e0c-b24f-d18692a5775e(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.