Lucene search
JrXnmWPVDB-ID:4FB61B84-FF5F-4B4C-A516-54B749F9611EHistoryDec 27, 2021 - 12:00 a.m.
WP Extra File Types < 0.5.1 - CSRF to Stored Cross-Site Scripting
2021-12-2700:00:00
JrXnm
wpscan.com
5
0.001 Low
EPSS
Percentile
32.2%
The plugin does not have CSRF check when saving its settings, nor sanitise and escape some of them, which could allow attackers to make a logged in admin change them and perform Cross-Site Scripting attacks
PoC
| CPE | Name | Operator | Version |
|---|---|---|---|
| wp-extra-file-types | lt | 0.5.1 |
Related
cve
cve
CVE-2021-24936
2022-01-24 08:15:08
cnvd
cnvd
openvas
openvas
WordPress WP Extra File Types Plugin < 0.5.1 CSRF Vulnerability
2023-09-25 00:00:00
cvelist
cvelist
wpexploit
wpexploit
WP Extra File Types < 0.5.1 - CSRF to Stored Cross-Site Scripting
2021-12-27 00:00:00
patchstack
patchstack
prion
prion
Cross site scripting
2022-01-24 08:15:00
nvd
nvd
CVE-2021-24936
2022-01-24 08:15:08