CVE-2021-24426

🗓️ 12 Jul 2021 19:20:58Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 41 Views🌐 WEB

The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 has a reflected Cross-Site Scripting issu

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2021-24426	13 Jul 202100:18	–	circl
CNNVD	WordPress 插件跨站脚本漏洞	12 Jul 202100:00	–	cnnvd
CNVD	WordPress plugin has an unspecified vulnerability (CNVD-2021-59599)	14 Jul 202100:00	–	cnvd
Cvelist	CVE-2021-24426 Backup by 10Web <= 1.0.20 - Reflected Cross-Site Scripting (XSS)	12 Jul 202119:20	–	cvelist
EUVD	EUVD-2021-11338	7 Oct 202500:30	–	euvd
NVD	CVE-2021-24426	12 Jul 202120:15	–	nvd
OSV	CVE-2021-24426	12 Jul 202120:15	–	osv
Patchstack	WordPress Backup by 10Web – Backup and Restore plugin <= 1.0.20 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability	23 May 202100:00	–	patchstack
Prion	Cross site scripting	12 Jul 202120:15	–	prion
RedhatCVE	CVE-2021-24426	22 May 202521:05	–	redhatcve

NVD

Vulners

Node

web-dorado backup-wdRange≤1.0.20wordpress

[
  {
    "product": "Backup by 10Web – Backup and Restore Plugin",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "1.0.20",
        "status": "affected",
        "version": "1.0.20",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/48464b3f-fe57-40fe-8868-398a36099fb9
m0ze	www.m0ze.ru/vulnerability/%5B2021-05-23%5D-%5BWordPress%5D-%5BCWE-79%5D-Backup-by-10Web-WordPress-Plugin-v1.0.20.txt

Parameter	Position	Path	Description	CWE
tab	query param	/wp-admin/admin.php?page=buwd_restore&tab=general%22%3E%3Cimg%20src=x%20onerror=alert(document.domain);%20m0ze	Reflected XSS via the tab parameter in Backup by 10Web – Backup and Restore Plugin for WordPress (vulnerable up to 1.0.20) leading to script execution	CWE-79

21 Nov 2024 05:53Current

4.9Medium risk

Vulners AI Score4.9

CVSS 23.5

CVSS 3.14.8

EPSS0.00206

CWE-79