CVE-2021-24607

🗓️ 08 Nov 2021 17:34:46Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 48 Views🌐 WEB

The Storefront Footer Text WordPress plugin through 1.0.1 allows XSS attacks

Reporter	Title	Published	Views	Family All 10
CNNVD	WordPress 跨站脚本漏洞	8 Nov 202100:00	–	cnnvd
CNVD	WordPress Storefront Footer Text plugin cross-site scripting vulnerability	10 Nov 202100:00	–	cnvd
Cvelist	CVE-2021-24607 Storefront Footer Text <= 1.0.1 - Admin+ Stored Cross-Site Scripting	8 Nov 202117:34	–	cvelist
EUVD	EUVD-2021-11519	7 Oct 202500:30	–	euvd
NVD	CVE-2021-24607	8 Nov 202118:15	–	nvd
Patchstack	WordPress Storefront Footer Text plugin <= 1.0.1 - Stored Cross-Site Scripting (XSS) vulnerability	11 Oct 202100:00	–	patchstack
Prion	Cross site scripting	8 Nov 202118:15	–	prion
RedhatCVE	CVE-2021-24607	22 May 202519:22	–	redhatcve
wpexploit	Storefront Footer Text <= 1.0.1 - Admin+ Stored Cross-Site Scripting	11 Oct 202100:00	–	wpexploit
WPVulnDB	Storefront Footer Text <= 1.0.1 - Admin+ Stored Cross-Site Scripting	11 Oct 202100:00	–	wpvulndb

NVD

Vulners

Node

wooassist storefront_footer_textRange≤1.0.1wordpress

[
  {
    "product": "Storefront Footer Text",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "1.0.1",
        "status": "affected",
        "version": "1.0.1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/efa7d91a-447b-4fd8-aa21-5364b177fee9

Parameter	Position	Path	Description	CWE
Footer Credit Text	request body	/wp-admin/customize.php	Lack of sanitization/escaping for Footer Credit Text enables XSS in frontend and customize panel.	CWE-79

21 Nov 2024 05:53Current

4.7Medium risk

Vulners AI Score4.7

CVSS 23.5

CVSS 3.14.8

EPSS0.00206

CWE-79