CVE-2021-24168
MEDIUM 5.4
Description
The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authenticated (author+) stored cross-site scripting issue. This could allow medium privilege accounts (such as author and editor) to perform XSS attacks against high privilege ones like administrator.
CVE Details
CVSS v3.1 Score: 5.4
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Published: 4/5/2021
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
easy_contact_form_pro_project:easy_contact_form_pro
Weaknesses (CWE)
CWE-79
References
https://wpscan.com/vulnerability/bfaa7d79-904e-45f1-bc42-ddd90a65ce74 (contact@wpscan.com)
https://wpscan.com/vulnerability/bfaa7d79-904e-45f1-bc42-ddd90a65ce74 (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.