CVE-2021-24597 You Shang <= 1.0.1 - Authenticated Stored Cross-Site Scripting

2021-09-2010:06:28

CWE-79

WPScan

www.cve.org

wordpress plugin

cross-site scripting

stored cross-site scripting

EPSS

0.001

Percentile

24.8%

JSON

The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which result into Stored Cross-Site Scripting issues in frontend posts and the plugins settings page depending on the payload used

CNA Affected

[
  {
    "product": "有赏 You Shang",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "1.0.1",
        "status": "affected",
        "version": "1.0.1",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/37554d0e-68e2-4df9-8c59-65f5cd7f184e

EPSS

0.001

Percentile

24.8%

JSON

Related for CVELIST:CVE-2021-24597