← Voltar para CVEs
CVE-2021-24431
MEDIUM4.3
Descricao
The Language Bar Flags WordPress plugin through 1.0.8 does not have any CSRF in place when saving its settings and did not sanitise or escape them when generating the flag bar in the frontend. This could allow attackers to make a logged in admin change the settings, and set Cross-Site Scripting payload in them, which will be executed in the frontend for all users
Detalhes CVE
Pontuacao CVSS v3.14.3
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado9/13/2021
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
language_bar_flags_project:language_bar_flags
Fraquezas (CWE)
CWE-79CWE-352CWE-79CWE-352
Referencias
https://wpscan.com/vulnerability/ae50cec9-5f80-4221-b6a8-4593ab66c37b(contact@wpscan.com)
https://wpscan.com/vulnerability/ae50cec9-5f80-4221-b6a8-4593ab66c37b(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.