Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-4372
HistoryJun 07, 2023 - 2:15 a.m.

CVE-2021-4372

2023-06-0702:15:15
CWE-79
[email protected]
web.nvd.nist.gov
3
wordpress
woocommerce
cross-site scripting
vulnerability
sanitization
unauthenticated
administrator

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

51.0%

JSON

The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1. This is due to missing sanitization on the settings imported via the import() function. This makes it possible for unauthenticated attackers to import a settings file containing malicious JavaScript that would execute when an administrator accesses the settings area of the site.

Affected configurations

Nvd
Node
rightpresswoocommerce_dynamic_pricing_and_discountsRange2.4.1wordpress
VendorProductVersionCPE
rightpresswoocommerce_dynamic_pricing_and_discounts*cpe:2.3:a:rightpress:woocommerce_dynamic_pricing_and_discounts:*:*:*:*:*:wordpress:*:*

Related

cvelist 1
prion 1
cve 1
cvelist
cvelist
CVE-2021-4372
2023-06-07 01:51:41
prion
prion
Cross site scripting
2023-06-07 02:15:00
cve
cve
CVE-2021-4372
2023-06-07 02:15:15

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

51.0%

JSON
Related for NVD:CVE-2021-4372
cvelist1prion1cve1