CVE-2021-24425

🗓️ 02 Aug 2021 10:31:54Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 59 Views🌐 WEB

The myStickymenu WordPress plugin before 2.5.2 allows Stored XSS via unsanitized Bar Text

Reporter	Title	Published	Views	Family All 9
CNNVD	WordPress 跨站脚本漏洞	2 Aug 202100:00	–	cnnvd
Cvelist	CVE-2021-24425 myStickymenu < 2.5.2 - Authenticated Stored XSS	2 Aug 202110:31	–	cvelist
EUVD	EUVD-2021-11337	7 Oct 202500:30	–	euvd
NVD	CVE-2021-24425	2 Aug 202111:15	–	nvd
OpenVAS	WordPress My Sticky Bar Plugin < 2.5.2 XSS Vulnerability	21 Nov 202300:00	–	openvas
Prion	Cross site scripting	2 Aug 202111:15	–	prion
RedhatCVE	CVE-2021-24425	22 May 202519:22	–	redhatcve
wpexploit	myStickymenu < 2.5.2 - Authenticated Stored XSS	21 Jun 202100:00	–	wpexploit
WPVulnDB	myStickymenu < 2.5.2 - Authenticated Stored XSS	21 Jun 202100:00	–	wpvulndb

NVD

Vulners

Node

premio mystickymenuRange<2.5.2wordpress

[
  {
    "product": "Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.5.2",
        "status": "affected",
        "version": "2.5.2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
m0ze	www.m0ze.ru/vulnerability/%5B2021-05-21%5D-%5BWordPress%5D-%5BCWE-79%5D-MyStickymenu-WordPress-Plugin-v2.5.1.txt
wpscan	www.wpscan.com/vulnerability/14632fa8-597e-49ff-8583-9797208a3583

Parameter	Position	Path	Description	CWE
mysticky_option_welcomebar[mysticky_welcomebar_bar_text]	request body	wp-admin/admin.php?page=my-stickymenu-welcomebar	Stored Cross-Site Scripting via unsanitized Bar Text in the Welcome Bar settings.	CWE-79

21 Nov 2024 05:53Current

4.9Medium risk

Vulners AI Score4.9

CVSS 23.5

CVSS 3.14.8

EPSS0.00206

CWE-79