Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-24247
HistoryMay 06, 2021 - 1:15 p.m.

CVE-2021-24247

2021-05-0613:15:11
CWE-79
[email protected]
web.nvd.nist.gov
3
contact form check tester
wordpress plugin
visible settings
sanitization
registered users
xss payload
privilege escalation
vendor closure

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

39.2%

JSON

The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege escalation. The vendor decided to close the plugin.

Affected configurations

Nvd
Node
mooveagencycontact_form_check_testerRange1.0.2wordpress
VendorProductVersionCPE
mooveagencycontact_form_check_tester*cpe:2.3:a:mooveagency:contact_form_check_tester:*:*:*:*:*:wordpress:*:*

Related

prion 1
zdt 1
patchstack 1
cvelist 1
packetstorm 1
wpvulndb 1
wpexploit 1
exploitdb 1
cve 1
prion
prion
Privilege escalation
2021-05-06 13:15:00
zdt
zdt
WordPress Contact Form Check Tester 1.0.2 Plugin - Broken Access Control Vulnerability
2022-02-02 00:00:00
patchstack
patchstack
WordPress Contact Form Check Tester plugin <= 1.0.2 - Cross-Site Scripting (XSS) vulnerability
2021-04-10 00:00:00
cvelist
cvelist
CVE-2021-24247 Contact Form Check Tester <= 1.0.2 - Broken Access Control to Cross-Site Scripting (XSS)
2021-05-05 18:39:43
packetstorm
packetstorm
WordPress Contact Form Check Tester 1.0.2 XSS / Access Control
2022-02-02 00:00:00
wpvulndb
wpvulndb
Contact Form Check Tester <= 1.0.2 - Broken Access Control to Cross-Site Scripting (XSS)
2021-04-10 00:00:00
wpexploit
wpexploit
Contact Form Check Tester <= 1.0.2 - Broken Access Control to Cross-Site Scripting (XSS)
2021-04-10 00:00:00
exploitdb
exploitdb
WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control
2022-02-02 00:00:00
cve
cve
CVE-2021-24247
2021-05-06 13:15:11

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

39.2%

JSON
Related for NVD:CVE-2021-24247
prion1zdt1patchstack1cvelist1packetstorm1wpvulndb1wpexploit1exploitdb1cve1