CVE-2021-24372

🗓️ 21 Jun 2021 19:18:19Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 56 Views🌐 WEB

The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitize or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2021-24372	22 Jun 202100:15	–	circl
CNNVD	WordPress 跨站脚本漏洞	21 Jun 202100:00	–	cnnvd
Cvelist	CVE-2021-24372 WP Hardening < 1.2.2 - Reflected XSS via URI	21 Jun 202119:18	–	cvelist
EUVD	EUVD-2021-11285	7 Oct 202500:30	–	euvd
NVD	CVE-2021-24372	21 Jun 202120:15	–	nvd
OpenVAS	WordPress WP Hardening Plugin < 1.2.2 Multiple XSS Vulnerabilities	25 Sep 202300:00	–	openvas
OSV	CVE-2021-24372	21 Jun 202120:15	–	osv
Patchstack	WordPress WP Hardening plugin <= 1.2.1 - Reflected Cross-Site Scripting (XSS) vulnerability	7 Jun 202100:00	–	patchstack
Prion	Cross site scripting	21 Jun 202120:15	–	prion
RedhatCVE	CVE-2021-24372	22 May 202519:21	–	redhatcve

NVD

Vulners

Node

getastra wp_hardeningRange<1.2.2wordpress

[
  {
    "product": "WP Hardening – Fix Your WordPress Security",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.2.2",
        "status": "affected",
        "version": "1.2.2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/5340ae4e-95ba-4a69-beb1-3459cac17782

Parameter	Position	Path	Description	CWE
v	query param	wp-admin/plugins.php?v=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3Cv=	Reflected XSS: unsanitized REQUEST_URI echoed in an attribute in WP Hardening plugin before 1.2.2.	CWE-79

21 Nov 2024 05:52Current

6Medium risk

Vulners AI Score6

CVSS 24.3

CVSS 3.16.1

EPSS0.0021

CWE-79