cvelistv5 - cve-2021-24332

CVE-2021-24332 (GCVE-0-2021-24332)

Vulnerability from cvelistv5

Published

2021-05-24 10:58

Modified

2024-08-03 19:28

Severity ?

CWE

CWE-79 - Cross-site Scripting (XSS)

Summary

The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues

References

URL	Tags
contact@wpscan.com	https://m0ze.ru/vulnerability/%5B2021-04-01%5D-%5BWordPress%5D-%5BCWE-79%5D-Autoptimize-WordPress-Plugin-v2.8.3.txt
contact@wpscan.com	https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://m0ze.ru/vulnerability/%5B2021-04-01%5D-%5BWordPress%5D-%5BCWE-79%5D-Autoptimize-WordPress-Plugin-v2.8.3.txt
af854a3a-2127-422b-91ae-364da2661108	https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	Unknown	Autoptimize	Version: 2.8.4 < 2.8.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:28:23.474Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://m0ze.ru/vulnerability/%5B2021-04-01%5D-%5BWordPress%5D-%5BCWE-79%5D-Autoptimize-WordPress-Plugin-v2.8.3.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autoptimize",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "2.8.4",
              "status": "affected",
              "version": "2.8.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "m0ze"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-24T10:58:05",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://m0ze.ru/vulnerability/%5B2021-04-01%5D-%5BWordPress%5D-%5BCWE-79%5D-Autoptimize-WordPress-Plugin-v2.8.3.txt"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autoptimize \u003c 2.8.4 - Authenticated Stored Cross-Site Scripting (XSS)",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24332",
          "STATE": "PUBLIC",
          "TITLE": "Autoptimize \u003c 2.8.4 - Authenticated Stored Cross-Site Scripting (XSS)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autoptimize",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.8.4",
                            "version_value": "2.8.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "m0ze"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb"
            },
            {
              "name": "https://m0ze.ru/vulnerability/[2021-04-01]-[WordPress]-[CWE-79]-Autoptimize-WordPress-Plugin-v2.8.3.txt",
              "refsource": "MISC",
              "url": "https://m0ze.ru/vulnerability/[2021-04-01]-[WordPress]-[CWE-79]-Autoptimize-WordPress-Plugin-v2.8.3.txt"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24332",
    "datePublished": "2021-05-24T10:58:05",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:28:23.474Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-24332\",\"sourceIdentifier\":\"contact@wpscan.com\",\"published\":\"2021-05-24T11:15:08.430\",\"lastModified\":\"2024-11-21T05:52:51.713\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues\"},{\"lang\":\"es\",\"value\":\"El plugin  Autoptimize WordPress versiones anteriores a 2.8.4, carece de un escape y un saneamiento adecuados en algunas de sus configuraciones, lo que permit\u00eda a usuarios muy privilegiados configurar cargas \u00fatiles XSS en ellos, conllevando a problemas de tipo cross-site scripting almacenado\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"contact@wpscan.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autoptimize:autoptimize:*:*:*:*:*:wordpress:*:*\",\"versionEndExcluding\":\"2.8.4\",\"matchCriteriaId\":\"AF2B19BB-CB07-485C-B00C-4F9FC892D81E\"}]}]}],\"references\":[{\"url\":\"https://m0ze.ru/vulnerability/%5B2021-04-01%5D-%5BWordPress%5D-%5BCWE-79%5D-Autoptimize-WordPress-Plugin-v2.8.3.txt\",\"source\":\"contact@wpscan.com\"},{\"url\":\"https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb\",\"source\":\"contact@wpscan.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://m0ze.ru/vulnerability/%5B2021-04-01%5D-%5BWordPress%5D-%5BCWE-79%5D-Autoptimize-WordPress-Plugin-v2.8.3.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

gsd-2021-24332

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2021-24332

Aliases

CVE-2021-24332

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-24332",
    "description": "The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues",
    "id": "GSD-2021-24332"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-24332"
      ],
      "details": "The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues",
      "id": "GSD-2021-24332",
      "modified": "2023-12-13T01:23:37.779801Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "contact@wpscan.com",
        "ID": "CVE-2021-24332",
        "STATE": "PUBLIC",
        "TITLE": "Autoptimize \u003c 2.8.4 - Authenticated Stored Cross-Site Scripting (XSS)"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Autoptimize",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "2.8.4",
                          "version_value": "2.8.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Unknown"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "m0ze"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues"
          }
        ]
      },
      "generator": "WPScan CVE Generator",
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-79 Cross-site Scripting (XSS)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb",
            "refsource": "CONFIRM",
            "url": "https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb"
          },
          {
            "name": "https://m0ze.ru/vulnerability/[2021-04-01]-[WordPress]-[CWE-79]-Autoptimize-WordPress-Plugin-v2.8.3.txt",
            "refsource": "MISC",
            "url": "https://m0ze.ru/vulnerability/[2021-04-01]-[WordPress]-[CWE-79]-Autoptimize-WordPress-Plugin-v2.8.3.txt"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:autoptimize:autoptimize:*:*:*:*:*:wordpress:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.8.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24332"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb"
            },
            {
              "name": "https://m0ze.ru/vulnerability/[2021-04-01]-[WordPress]-[CWE-79]-Autoptimize-WordPress-Plugin-v2.8.3.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://m0ze.ru/vulnerability/[2021-04-01]-[WordPress]-[CWE-79]-Autoptimize-WordPress-Plugin-v2.8.3.txt"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.7,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2021-05-28T20:04Z",
      "publishedDate": "2021-05-24T11:15Z"
    }
  }
}

fkie_cve-2021-24332

Vulnerability from fkie_nvd

Published

2021-05-24 11:15

Modified

2024-11-21 05:52

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
contact@wpscan.com	https://m0ze.ru/vulnerability/%5B2021-04-01%5D-%5BWordPress%5D-%5BCWE-79%5D-Autoptimize-WordPress-Plugin-v2.8.3.txt
contact@wpscan.com	https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://m0ze.ru/vulnerability/%5B2021-04-01%5D-%5BWordPress%5D-%5BCWE-79%5D-Autoptimize-WordPress-Plugin-v2.8.3.txt
af854a3a-2127-422b-91ae-364da2661108	https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	autoptimize	autoptimize	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:autoptimize:autoptimize:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "AF2B19BB-CB07-485C-B00C-4F9FC892D81E",
              "versionEndExcluding": "2.8.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues"
    },
    {
      "lang": "es",
      "value": "El plugin  Autoptimize WordPress versiones anteriores a 2.8.4, carece de un escape y un saneamiento adecuados en algunas de sus configuraciones, lo que permit\u00eda a usuarios muy privilegiados configurar cargas \u00fatiles XSS en ellos, conllevando a problemas de tipo cross-site scripting almacenado"
    }
  ],
  "id": "CVE-2021-24332",
  "lastModified": "2024-11-21T05:52:51.713",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-24T11:15:08.430",
  "references": [
    {
      "source": "contact@wpscan.com",
      "url": "https://m0ze.ru/vulnerability/%5B2021-04-01%5D-%5BWordPress%5D-%5BCWE-79%5D-Autoptimize-WordPress-Plugin-v2.8.3.txt"
    },
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://m0ze.ru/vulnerability/%5B2021-04-01%5D-%5BWordPress%5D-%5BCWE-79%5D-Autoptimize-WordPress-Plugin-v2.8.3.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "contact@wpscan.com",
      "type": "Primary"
    }
  ]
}

ghsa-5fgw-wpxm-vqq2

Vulnerability from github

Published

2022-05-24 19:03

Modified

2022-05-24 19:03

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-24332"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-24T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues",
  "id": "GHSA-5fgw-wpxm-vqq2",
  "modified": "2022-05-24T19:03:07Z",
  "published": "2022-05-24T19:03:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24332"
    },
    {
      "type": "WEB",
      "url": "https://m0ze.ru/vulnerability/[2021-04-01]-[WordPress]-[CWE-79]-Autoptimize-WordPress-Plugin-v2.8.3.txt"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cnvd-2021-37139

Vulnerability from cnvd

Title: WordPress跨站脚本漏洞（CNVD-2021-37139）

Description:

WordPress是WordPress（Wordpress）基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。

WordPress Autoptimize WordPress plugin 2.8.4版本之前存在跨站脚本漏洞。该漏洞源于插件在一些设置中缺少了适当的转译和验证，允许高权限用户触发跨站脚本漏洞。目前没有详细的漏洞细节提供。

Severity: 中

Patch Name: WordPress跨站脚本漏洞（CNVD-2021-37139）的补丁

Patch Description:

WordPress是WordPress（Wordpress）基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。

WordPress Autoptimize WordPress plugin 2.8.4版本之前存在跨站脚本漏洞。该漏洞源于插件在一些设置中缺少了适当的转译和验证，允许高权限用户触发跨站脚本漏洞。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb

Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24332

Impacted products

Name
WordPress WordPress Autoptimize WordPress plugin <2.8.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-24332",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-24332"
    }
  },
  "description": "WordPress\u662fWordPress\uff08Wordpress\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002\n\nWordPress Autoptimize WordPress plugin 2.8.4\u7248\u672c\u4e4b\u524d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u63d2\u4ef6\u5728\u4e00\u4e9b\u8bbe\u7f6e\u4e2d\u7f3a\u5c11\u4e86\u9002\u5f53\u7684\u8f6c\u8bd1\u548c\u9a8c\u8bc1\uff0c\u5141\u8bb8\u9ad8\u6743\u9650\u7528\u6237\u89e6\u53d1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-37139",
  "openTime": "2021-05-26",
  "patchDescription": "WordPress\u662fWordPress\uff08Wordpress\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002\r\n\r\nWordPress Autoptimize WordPress plugin 2.8.4\u7248\u672c\u4e4b\u524d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u63d2\u4ef6\u5728\u4e00\u4e9b\u8bbe\u7f6e\u4e2d\u7f3a\u5c11\u4e86\u9002\u5f53\u7684\u8f6c\u8bd1\u548c\u9a8c\u8bc1\uff0c\u5141\u8bb8\u9ad8\u6743\u9650\u7528\u6237\u89e6\u53d1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WordPress\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-37139\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "WordPress WordPress Autoptimize WordPress plugin \u003c2.8.4"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-24332",
  "serverity": "\u4e2d",
  "submitTime": "2021-05-25",
  "title": "WordPress\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-37139\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-24332 (GCVE-0-2021-24332)

Vulnerability from cvelistv5

gsd-2021-24332

Vulnerability from gsd

fkie_cve-2021-24332

Vulnerability from fkie_nvd

ghsa-5fgw-wpxm-vqq2

Vulnerability from github

cnvd-2021-37139

Vulnerability from cnvd

Tags

Sightings

Nomenclature