CVE-2021-24440 Sign-up Sheets < 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS)

2021-07-1219:21:02

CWE-79

WPScan

www.cve.org

cve-2021-24440

authenticated

stored cross-site scripting

wordpress plugin

admin dashboard

vulnerability

EPSS

0.001

Percentile

24.8%

JSON

The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored Cross-Site Scripting issue. The payloads will be triggered when viewing the ‘All Sheets’ page in the admin dashboard

CNA Affected

[
  {
    "product": "Sign-up Sheets",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.0.14",
        "status": "affected",
        "version": "1.0.14",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/ba4503f7-684e-4274-bc53-3aa848712496

EPSS

0.001

Percentile

24.8%

JSON

Related for CVELIST:CVE-2021-24440