Lucene search

[email protected]NVD:CVE-2021-24994

HistoryFeb 28, 2022 - 9:15 a.m.

CVE-2021-24994

2022-02-2809:15:08

CWE-79

[email protected]

web.nvd.nist.gov

wordpress plugin

authorization

input sanitization

xss issue

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

44.3%

JSON

The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well as escape a parameter from such unauthenticated requests before outputting it in admin page, leading to a Stored Cross-Site Scripting issue

Affected configurations

Nvd

Node

wpvividmigration\,_backup\,_stagingRange<0.9.69wordpress

VendorProductVersionCPE
wpvividmigration\,_backup\,_staging*cpe:2.3:a:wpvivid:migration\,_backup\,_staging:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wpvivid	migration\,_backup\,_staging	*	cpe:2.3:a:wpvivid:migration\,_backup\,_staging::::::wordpress::*

References

wpscan.com/vulnerability/ea74257a-f6b0-49e9-a81f-53c0eb81b1da

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

44.3%

JSON

Related for NVD:CVE-2021-24994

cvelist1 patchstack1 cve1 prion1