CVE-2021-24598

MEDIUM

4.8

Descripcion

The Testimonial WordPress plugin before 1.6.0 does not escape some testimonial fields which could allow high privilege users to perform Cross Site Scripting attacks even when the unfiltered_html capability is disallowed

Detalles CVE

Puntuacion CVSS v3.14.8

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosHIGH

Interaccion usuarioREQUIRED

Publicado11/17/2021

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

wpshopmart:testimonial_builder

Debilidades (CWE)

CWE-79

Referencias

https://plugins.trac.wordpress.org/changeset/2606523/(contact@wpscan.com)

https://wpscan.com/vulnerability/365c09a7-0b10-4145-a415-5c0e9f429ae0(contact@wpscan.com)

https://plugins.trac.wordpress.org/changeset/2606523/(af854a3a-2127-422b-91ae-364da2661108)

https://wpscan.com/vulnerability/365c09a7-0b10-4145-a415-5c0e9f429ae0(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.