Lucene search
WpvulndbWPVDB-ID:BC6B46D2-BDFF-46D6-8347-59CF510DD61DHistoryOct 14, 2021 - 12:00 a.m.
Author Bio Box < 3.4.0 - Admin+ Stored Cross-Site Scripting
2021-10-1400:00:00
wpscan.com
9
stored cross-site scripting
input validation
sanitization
admin access
multi-site installations
unfiltered_html
EPSS
0.001
Percentile
26.4%
The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-author-bio-box-admin.php file which allowed attackers with administrative user access to inject arbitrary web scripts. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
Related
cve
cve
CVE-2021-39349
2021-10-15 13:15:08
prion
prion
Cross site scripting
2021-10-15 13:15:00
cvelist
cvelist
cnvd
cnvd
WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-83673)
2021-10-19 00:00:00
patchstack
patchstack
nvd
nvd
CVE-2021-39349
2021-10-15 13:15:08
osv
osv
CVE-2021-39349
2021-10-15 13:15:08