CVE-2021-24771

🗓️ 13 Dec 2021 10:40:48Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 38 Views🌐 WEB

The Inspirational Quote Rotator WordPress plugin through 1.0.0 allows Stored Cross-Site scripting via unsanitized fields in admin quote editin

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2021-24771	13 Dec 202114:23	–	circl
CNNVD	WordPress 插件跨站脚本漏洞	13 Dec 202100:00	–	cnnvd
CNVD	WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-101989)	18 Dec 202100:00	–	cnvd
Cvelist	CVE-2021-24771 Inspirational Quote Rotator <= 1.0.0 - Admin+ Stored Cross-Site Scripting	13 Dec 202110:40	–	cvelist
EUVD	EUVD-2021-11683	7 Oct 202500:30	–	euvd
NVD	CVE-2021-24771	13 Dec 202111:15	–	nvd
OSV	CVE-2021-24771	13 Dec 202111:15	–	osv
Patchstack	WordPress Inspirational Quote Rotator plugin <= 1.0.0 - Stored Cross-Site Scripting (XSS) vulnerability	15 Nov 202100:00	–	patchstack
Prion	Cross site scripting	13 Dec 202111:15	–	prion
RedhatCVE	CVE-2021-24771	22 May 202519:23	–	redhatcve

NVD

Vulners

Node

inspirational_quote_rotator_project inspirational_quote_rotatorRange≤1.0.0wordpress

[
  {
    "product": "Inspirational Quote Rotator",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "1.0.0",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/a6d57fda-79a7-4bf8-b18e-8cf0a4efd1b3

Parameter	Position	Path	Description	CWE
title	request body	/wp-admin/options-general.php?page=iqr-settings	Stored Cross-Site Scripting due to insufficient sanitization/escaping of quote fields when adding/editing a quote via admin settings.	CWE-79
content	request body	/wp-admin/options-general.php?page=iqr-settings	Stored Cross-Site Scripting due to insufficient sanitization/escaping of quote fields when adding/editing a quote via admin settings.	CWE-79