← Back

CVE-2021-24445

nvd nist
Published: Aug 16, 2021Modified: Jun 17, 2026

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

The My Site Audit WordPress plugin through 1.2.4 does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in them, even when he unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue

Affected (1)

1 product
My Site Audit
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Up to 1.2.4

References (2)

Source: contact@wpscan.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.