Lucene search
WPScanCVELIST:CVE-2021-24247HistoryMay 05, 2021 - 6:39 p.m.
CVE-2021-24247 Contact Form Check Tester <= 1.0.2 - Broken Access Control to Cross-Site Scripting (XSS)
2021-05-0518:39:43
CWE-79
WPScan
www.cve.org
4
cve-2021-24247
contact form
broken access control
cross-site scripting
xss
privilege escalation
wordpress plugin
EPSS
0.001
Percentile
39.2%
The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege escalation. The vendor decided to close the plugin.
CNA Affected
[
{
"product": "Contact Form Check Tester",
"vendor": "MooveAgency",
"versions": [
{
"lessThanOrEqual": "1.0.2",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
]Related
prion
prion
Privilege escalation
2021-05-06 13:15:00
zdt
zdt
nvd
nvd
CVE-2021-24247
2021-05-06 13:15:11
patchstack
patchstack
packetstorm
packetstorm
WordPress Contact Form Check Tester 1.0.2 XSS / Access Control
2022-02-02 00:00:00
wpvulndb
wpvulndb
wpexploit
wpexploit
exploitdb
exploitdb
WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control
2022-02-02 00:00:00
cve
cve
CVE-2021-24247
2021-05-06 13:15:11