Lucene search
WPScanCVELIST:CVE-2021-24481HistoryAug 02, 2021 - 10:32 a.m.
CVE-2021-24481 Any Hostname <= 1.0.6 - Authenticated Stored Cross-Site Scripting (XSS)
2021-08-0210:32:21
CWE-79
WPScan
www.cve.org
0.001 Low
EPSS
Percentile
24.9%
The Any Hostname WordPress plugin through 1.0.6 does not sanitise or escape its “Allowed hosts” setting, leading to an authenticated stored XSS issue as high privilege users are able to set XSS payloads in it
CNA Affected
[
{
"product": "Any Hostname",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.0.6",
"status": "affected",
"version": "1.0.6",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2021-24481
2021-08-02 11:15:10
wpvulndb
wpvulndb
Any Hostname <= 1.0.6 - Authenticated Stored Cross-Site Scripting (XSS)
2021-06-28 00:00:00
prion
prion
Cross site scripting
2021-08-02 11:15:00
nvd
nvd
CVE-2021-24481
2021-08-02 11:15:10
cnvd
cnvd
WordPress The Any Hostname plugin cross-site scripting vulnerability
2021-08-05 00:00:00
wpexploit
wpexploit
Any Hostname <= 1.0.6 - Authenticated Stored Cross-Site Scripting (XSS)
2021-06-28 00:00:00