CVE-2021-42365

🗓️ 29 Nov 2021 18:10:23Reported by WordfenceType

cve🔗 web.nvd.nist.gov👁 45 Views🌐 WEB

The Asgaros Forums WordPress plugin v1.15.13 is prone to Stored Cross-Site Scripting via name parameter in ~/admin/tables/admin-structure-table.php

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2021-42365	29 Nov 202122:33	–	circl
CNNVD	WordPress 插件跨站脚本漏洞	29 Nov 202100:00	–	cnnvd
CNVD	WordPress plugin cross-site scripting vulnerability (CNVD-2021-102811)	1 Dec 202100:00	–	cnvd
Cvelist	CVE-2021-42365 Asgaros Forums <= 1.15.13 Authenticated Stored XSS	29 Nov 202118:10	–	cvelist
EUVD	EUVD-2021-29336	3 Oct 202520:07	–	euvd
NVD	CVE-2021-42365	29 Nov 202119:15	–	nvd
OSV	CVE-2021-42365	29 Nov 202119:15	–	osv
Patchstack	WordPress Asgaros Forum plugin <= 1.15.13 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability	29 Nov 202100:00	–	patchstack
Prion	Cross site scripting	29 Nov 202119:15	–	prion
Vulnrichment	CVE-2021-42365 Asgaros Forums <= 1.15.13 Authenticated Stored XSS	29 Nov 202118:10	–	vulnrichment

NVD

Vulners

Node

asgaros asgaros_forumRange<1.15.14wordpress

[
  {
    "product": "Asgaros Forums",
    "vendor": "Asgaros Forums",
    "versions": [
      {
        "lessThanOrEqual": "1.15.13",
        "status": "affected",
        "version": "1.15.13",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/2635143/asgaros-forum/trunk/admin/tables/admin-structure-table.php
wordfence	www.wordfence.com/vulnerability-advisories/

Parameter	Position	Path	Description	CWE
name	request body	admin/tables/admin-structure-table.php	Stored Cross-Site Scripting via the name parameter in admin-structure-table.php (Asgaros Forums WordPress plugin) allowing an attacker with administrative access to inject arbitrary scripts.	CWE-79

17 Jun 2026 04:09Current

4.8Medium risk

Vulners AI Score4.8

CVSS 22.1

CVSS 3.14.8

EPSS0.00677

SSVC

CWE-79