CVE-2021-24724
MEDIUM 5.4
Description
The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s.
CVE Details
CVSS v3.1 score: 5.4
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: REQUIRED
Published: 9/13/2021
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
motopress:timetable_and_event_schedule
Weaknesses (CWE)
CWE-79
References
https://plugins.trac.wordpress.org/changeset/2573479/ (contact@wpscan.com)
https://wpscan.com/vulnerability/c1194a1e-bf33-4f3f-a4a6-27b76b1b1eeb (contact@wpscan.com)
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29235 (contact@wpscan.com)
https://plugins.trac.wordpress.org/changeset/2573479/ (af854a3a-2127-422b-91ae-364da2661108)
https://wpscan.com/vulnerability/c1194a1e-bf33-4f3f-a4a6-27b76b1b1eeb (af854a3a-2127-422b-91ae-364da2661108)
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29235 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.