Lucene search
China National Vulnerability DatabaseCNVD-2022-19821HistoryJan 26, 2022 - 12:00 a.m.
WordPress myCred plugin cross-site scripting vulnerability
2022-01-2600:00:00
China National Vulnerability Database
www.cnvd.org.cn
14
wordpress
mycred plugin
cross-site scripting
php
mysql
search queries
client side
EPSS
0.001
Percentile
31.7%
WordPress is the WordPress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. a cross-site scripting vulnerability exists in versions of WordPress prior to myCred plugin 2.4, which stems from the failure to clean and escape search queries before outputting them back to the history dashboard page. An attacker could exploit this vulnerability to execute JavaScript code on the client side.
Related
cvelist
cvelist
CVE-2021-25015 myCred < 2.4 - Reflected Cross-Site Scripting
2022-01-24 08:01:09
wpvulndb
wpvulndb
myCred < 2.4 - Reflected Cross-Site Scripting
2021-12-27 00:00:00
nvd
nvd
CVE-2021-25015
2022-01-24 08:15:09
patchstack
patchstack
prion
prion
Cross site scripting
2022-01-24 08:15:00
cve
cve
CVE-2021-25015
2022-01-24 08:15:09
wpexploit
wpexploit
myCred < 2.4 - Reflected Cross-Site Scripting
2021-12-27 00:00:00