CVE-2021-24605

🗓️ 13 Sep 2021 17:56:28Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 41 Views🌐 WEB

The create_post_page AJAX action of the Custom Post View Generator WordPress plugin through 0.4.6 does not sanitize or escape user input before outputting, leading to a Reflected Cross-Site scripting issue

Reporter	Title	Published	Views	Family All 9
CNNVD	WordPress 插件跨站脚本漏洞	13 Sep 202100:00	–	cnnvd
Cvelist	CVE-2021-24605 Custom Post View Generator <= 0.4.6 - Reflected Cross-Site Scripting	13 Sep 202117:56	–	cvelist
EUVD	EUVD-2021-11517	7 Oct 202500:30	–	euvd
NVD	CVE-2021-24605	13 Sep 202118:15	–	nvd
Patchstack	WordPress Custom Post View Generator plugin <= 0.4.6 - Reflected Cross-Site Scripting (XSS) vulnerability	10 Sep 202100:00	–	patchstack
Prion	Cross site scripting	13 Sep 202118:15	–	prion
RedhatCVE	CVE-2021-24605	22 May 202521:03	–	redhatcve
wpexploit	Custom Post View Generator <= 0.4.6 - Reflected Cross-Site Scripting	10 Aug 202100:00	–	wpexploit
WPVulnDB	Custom Post View Generator <= 0.4.6 - Reflected Cross-Site Scripting	10 Aug 202100:00	–	wpvulndb

NVD

Vulners

Node

custom_post_view_generator_project custom_post_view_generatorRange≤0.4.6wordpress

[
  {
    "product": "Custom Post View Generator",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "0.4.6",
        "status": "affected",
        "version": "0.4.6",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/e0be384c-3e63-49f6-b2ab-3024dcd88686

Parameter	Position	Path	Description	CWE
object_type	request body	/wp-admin/admin-ajax.php?action=create_postpage	Reflected XSS in create_post_page AJAX action due to insufficient sanitization/escaping of user input echoed in response	CWE-79

21 Nov 2024 05:53Current

5.4Medium risk

Vulners AI Score5.4

CVSS 23.5

CVSS 3.15.4

EPSS0.00368

CWE-79