CVE-2021-24611

🗓️ 06 Sep 2021 11:09:34Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 39 Views🌐 WEB

Meta WordPress plugin through 3.0, Cross-Site Scripting & CSRF issue

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2021-24611	6 Sep 202114:40	–	circl
CNNVD	WordPress 插件跨站脚本漏洞	6 Sep 202100:00	–	cnnvd
CNVD	WordPress Cross-Site Scripting Vulnerability (CNVD-2021-70737)	8 Sep 202100:00	–	cnvd
Cvelist	CVE-2021-24611 Keywords & Meta <= 3.0 - CSRF to Stored Cross-Site Scripting (XSS)	6 Sep 202111:09	–	cvelist
EUVD	EUVD-2021-11523	7 Oct 202500:30	–	euvd
NVD	CVE-2021-24611	6 Sep 202111:15	–	nvd
Patchstack	WordPress Keyword Meta plugin <= 3.0 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS)	9 Aug 202100:00	–	patchstack
Prion	Cross site scripting	6 Sep 202111:15	–	prion
RedhatCVE	CVE-2021-24611	22 May 202518:57	–	redhatcve
wpexploit	Keywords & Meta <= 3.0 - CSRF to Stored Cross-Site Scripting (XSS)	9 Aug 202100:00	–	wpexploit

NVD

Vulners

Node

keyword_meta_project keyword_metaRange≤3.0wordpress

[
  {
    "product": "Keyword Meta",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "3.0",
        "status": "affected",
        "version": "3.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/b4a2e595-6971-4a2a-a346-ac4445a5e0cd

Parameter	Position	Path	Description	CWE
keywords_add	request body	wp-admin/options-general.php?page=keyword-meta%2Fkeyword-meta.php	Lack of CSRF protection allows authenticated attacker to modify plugin settings; output may be unsanitised, enabling XSS via saved settings.	CWE-352, CWE-79
keywords_edit	request body	wp-admin/options-general.php?page=keyword-meta%2Fkeyword-meta.php	Lack of CSRF protection allows authenticated attacker to modify plugin settings; output may be unsanitised, enabling XSS via saved settings.	CWE-352, CWE-79
description_edit	request body	wp-admin/options-general.php?page=keyword-meta%2Fkeyword-meta.php	Lack of CSRF protection allows authenticated attacker to modify plugin settings; output may be unsanitised, enabling XSS via saved settings.	CWE-352, CWE-79
og_enable	request body	wp-admin/options-general.php?page=keyword-meta%2Fkeyword-meta.php	Lack of CSRF protection allows authenticated attacker to modify plugin settings; output may be unsanitised, enabling XSS via saved settings.	CWE-352, CWE-79
og_type_edit	request body	wp-admin/options-general.php?page=keyword-meta%2Fkeyword-meta.php	Lack of CSRF protection allows authenticated attacker to modify plugin settings; output may be unsanitised, enabling XSS via saved settings.	CWE-352, CWE-79
og_title_all	request body	wp-admin/options-general.php?page=keyword-meta%2Fkeyword-meta.php	Lack of CSRF protection allows authenticated attacker to modify plugin settings; output may be unsanitised, enabling XSS via saved settings.	CWE-352, CWE-79
og_url_edit	request body	wp-admin/options-general.php?page=keyword-meta%2Fkeyword-meta.php	Lack of CSRF protection allows authenticated attacker to modify plugin settings; output may be unsanitised, enabling XSS via saved settings.	CWE-352, CWE-79
og_image_edit	request body	wp-admin/options-general.php?page=keyword-meta%2Fkeyword-meta.php	Lack of CSRF protection allows authenticated attacker to modify plugin settings; output may be unsanitised, enabling XSS via saved settings.	CWE-352, CWE-79
og_image_all	request body	wp-admin/options-general.php?page=keyword-meta%2Fkeyword-meta.php	Lack of CSRF protection allows authenticated attacker to modify plugin settings; output may be unsanitised, enabling XSS via saved settings.	CWE-352, CWE-79
apple_icon_edit	request body	wp-admin/options-general.php?page=keyword-meta%2Fkeyword-meta.php	Lack of CSRF protection allows authenticated attacker to modify plugin settings; output may be unsanitised, enabling XSS via saved settings.	CWE-352, CWE-79

21 Nov 2024 05:53Current

5.2Medium risk

Vulners AI Score5.2

CVSS 23.5

CVSS 3.15.4

EPSS0.00085