Lucene search
WPScanCVELIST:CVE-2021-24444HistoryAug 02, 2021 - 12:00 a.m.
CVE-2021-24444 TaxoPress < 3.0.7.2 - Authenticated Stored Cross-Site Scripting (XSS)
2021-08-0200:00:00
CWE-79
WPScan
www.cve.org
0.001 Low
EPSS
Percentile
41.1%
The TaxoPress – Create and Manage Taxonomies, Tags, Categories WordPress plugin before 3.0.7.2 does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payload in them even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue.
CNA Affected
[
{
"vendor": "Unknown",
"product": "TaxoPress – Create and Manage Taxonomies, Tags, Categories",
"versions": [
{
"version": "3.0.7.2",
"status": "affected",
"lessThan": "3.0.7.2",
"versionType": "custom"
}
]
}
]Related
prion
prion
Cross site scripting
2021-08-02 11:15:00
packetstorm
packetstorm
WordPress TaxoPress 3.0.7.1 Cross Site Scripting
2021-10-25 00:00:00
patchstack
patchstack
nvd
nvd
CVE-2021-24444
2021-08-02 11:15:09
wpvulndb
wpvulndb
TaxoPress < 3.0.7.2 - Authenticated Stored Cross-Site Scripting (XSS)
2021-06-30 00:00:00
cve
cve
CVE-2021-24444
2021-08-02 11:15:09
wpexploit
wpexploit
TaxoPress < 3.0.7.2 - Authenticated Stored Cross-Site Scripting (XSS)
2021-06-30 00:00:00
zdt
zdt
exploitdb
exploitdb