Lucene search

[email protected]NVD:CVE-2021-25010

HistoryFeb 28, 2022 - 9:15 a.m.

CVE-2021-25010

2022-02-2809:15:08

CWE-352

[email protected]

web.nvd.nist.gov

wordpress plugin

csrf vulnerability

stored xss

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

43.4%

JSON

The Post Snippets WordPress plugin before 3.1.4 does not have CSRF check when importing files, allowing attacker to make a logged In admin import arbitrary snippets. Furthermore, imported snippers are not sanitised and escaped, which could lead to Stored Cross-Site Scripting issues

Affected configurations

Nvd

Node

postsnippetspost_snippetsRange<3.1.4wordpress

VendorProductVersionCPE
postsnippetspost_snippets*cpe:2.3:a:postsnippets:post_snippets:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
postsnippets	post_snippets	*	cpe:2.3:a:postsnippets:post_snippets::::::wordpress::*

References

wpscan.com/vulnerability/d1ebd15a-72ab-4ba2-a212-7e2eea0b0fb0

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

43.4%

JSON

Related for NVD:CVE-2021-25010

patchstack1 cnvd1 prion1 cvelist1 cve1 wpvulndb1 wpexploit1