CVE-2021-24445
5.5
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD
Description
The My Site Audit WordPress plugin through 1.2.4 does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in them, even when he unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue
Affected (1)
Products: Draftpress: My Site Audit
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.4 |
References (2)
Source: contact@wpscan.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Timeline
No history available yet.