Lucene search
WPScanCVELIST:CVE-2021-24936HistoryJan 24, 2022 - 8:00 a.m.
CVE-2021-24936 WP Extra File Types < 0.5.1 - CSRF to Stored Cross-Site Scripting
2022-01-2408:00:56
CWE-352
WPScan
www.cve.org
The WP Extra File Types WordPress plugin before 0.5.1 does not have CSRF check when saving its settings, nor sanitise and escape some of them, which could allow attackers to make a logged in admin change them and perform Cross-Site Scripting attacks
CNA Affected
[
{
"product": "WP Extra File Types",
"vendor": "Unknown",
"versions": [
{
"lessThan": "0.5.1",
"status": "affected",
"version": "0.5.1",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2021-24936
2022-01-24 08:15:08
cnvd
cnvd
openvas
openvas
WordPress WP Extra File Types Plugin < 0.5.1 CSRF Vulnerability
2023-09-25 00:00:00
wpvulndb
wpvulndb
WP Extra File Types < 0.5.1 - CSRF to Stored Cross-Site Scripting
2021-12-27 00:00:00
wpexploit
wpexploit
WP Extra File Types < 0.5.1 - CSRF to Stored Cross-Site Scripting
2021-12-27 00:00:00
patchstack
patchstack
prion
prion
Cross site scripting
2022-01-24 08:15:00
nvd
nvd
CVE-2021-24936
2022-01-24 08:15:08