CVE-2021-24410
MEDIUM 6.1
Description
The తెలుగు బైబిల్ వచనములు WordPress plugin through 1.0 lacks any CSRF check when saving its settings and verses, and does not sanitise or escape them when outputting them back in the page. This could allow attackers to make a logged-in admin change the settings, as well as add malicious verses containing JavaScript code, leading to Stored XSS issues.
CVE Details
CVSS v3.1 score: 6.1
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 8/16/2021
Last modified: 11/21/2024
Source: nvd
Honeypot observations: 0
Affected products
telugu_bible_verse_daily_project:telugu_bible_verse_daily
Weaknesses (CWE)
CWE-79, CWE-352
References
https://wpscan.com/vulnerability/b47ea36e-f37c-4745-b750-31f5b91f543f (contact@wpscan.com)
https://wpscan.com/vulnerability/b47ea36e-f37c-4745-b750-31f5b91f543f (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.