Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1 vulnerability by sovrn

    CVE-2021-24211 (GCVE-0-2021-24211)

    Vulnerability from cvelistv5 – Published: 2021-04-05 18:27 – Updated: 2024-08-03 19:21
    VLAI
    Title
    WordPress Related Posts <= 3.6.4 - Authenticated Stored Cross-Site Scripting (XSS)
    Summary
    The WordPress Related Posts plugin through 3.6.4 contains an authenticated (admin+) stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to execute JavaScript code in the user's browser.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown WordPress Related Posts Affected: 3.6.4 , ≤ 3.6.4 (custom)
    		Create a notification for this product.
    Credits
    Ganesh Bagaria
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.808Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/37e0a033-3dee-476d-ae86-68354e8f0b1c"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WordPress Related Posts",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThanOrEqual": "3.6.4",
              "status": "affected",
              "version": "3.6.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ganesh Bagaria"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WordPress Related Posts plugin through 3.6.4 contains an authenticated (admin+) stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to execute JavaScript code in the user\u0027s browser."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-05T18:27:47.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/37e0a033-3dee-476d-ae86-68354e8f0b1c"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "WordPress Related Posts \u003c= 3.6.4 - Authenticated Stored Cross-Site Scripting (XSS)",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24211",
          "STATE": "PUBLIC",
          "TITLE": "WordPress Related Posts \u003c= 3.6.4 - Authenticated Stored Cross-Site Scripting (XSS)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WordPress Related Posts",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "3.6.4",
                            "version_value": "3.6.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Ganesh Bagaria"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WordPress Related Posts plugin through 3.6.4 contains an authenticated (admin+) stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to execute JavaScript code in the user\u0027s browser."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/37e0a033-3dee-476d-ae86-68354e8f0b1c",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/37e0a033-3dee-476d-ae86-68354e8f0b1c"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24211",
    "datePublished": "2021-04-05T18:27:47.000Z",
    "dateReserved": "2021-01-14T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:21:18.808Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}