Lucene search

CVE-2021-24211

🗓️ 05 Apr 2021 19:17:15Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 34 Views🌐 WEB

WordPress Related Posts plugin through 3.6.4 authenticated stored XSS vulnerability

Reporter	Title	Published	Views	Family All 5
Cvelist	CVE-2021-24211 WordPress Related Posts <= 3.6.4 - Authenticated Stored Cross-Site Scripting (XSS)	5 Apr 202118:27	–	cvelist
NVD	CVE-2021-24211	5 Apr 202119:15	–	nvd
wpexploit	WordPress Related Posts <= 3.6.4 - Authenticated Stored Cross-Site Scripting (XSS)	19 Mar 202100:00	–	wpexploit
Prion	Cross site scripting	5 Apr 202119:15	–	prion
WPVulnDB	WordPress Related Posts <= 3.6.4 - Authenticated Stored Cross-Site Scripting (XSS)	19 Mar 202100:00	–	wpvulndb

Nvd

Vulners

Node

wphive wordpress_related_postsRange≤3.6.4wordpress

[
  {
    "product": "WordPress Related Posts",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "3.6.4",
        "status": "affected",
        "version": "3.6.4",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/37e0a033-3dee-476d-ae86-68354e8f0b1c

Parameter	Position	Path	Description	CWE
Related Posts Title	request body	/wp-admin/admin.php?page=wordpress-related-posts	Authenticated stored XSS vulnerability in the title field of the settings page allowing execution of arbitrary JavaScript in users' browsers.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

05 Apr 2021 19:15Current

5.2Medium risk

Vulners AI Score5.2

CVSS23.5

CVSS35.4

EPSS0.00188

CWE-79