Lucene search
HistoryOct 10, 2022 - 9:15 p.m.
CVE-2021-25044
cryptocurrency
wordpress
xss
vulnerability
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
40.2%
The Cryptocurrency Pricing list and Ticker WordPress plugin through 1.5 does not sanitise and escape the ccpw_setpage parameter before outputting it back in pages where its shortcode is embed, leading to a Reflected Cross-Site Scripting issue
Affected configurations
Node
premium-themescryptocurrency_pricing_list_and_tickerRange≤1.5wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| premium-themes | cryptocurrency_pricing_list_and_ticker | * | cpe:2.3:a:premium-themes:cryptocurrency_pricing_list_and_ticker:*:*:*:*:*:wordpress:*:* |
Related
cvelist
cvelist
cve
cve
CVE-2021-25044
2022-10-10 21:15:09
prion
prion
Cross site scripting
2022-10-10 21:15:00
cnvd
cnvd
patchstack
patchstack
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
40.2%
Related for NVD:CVE-2021-25044