The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflected Cross-Site Scripting issue.
References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/fcf17278-609f-4f75-8a87-9b4579dee1c8 | Exploit Third Party Advisory |
| https://wpscan.com/vulnerability/fcf17278-609f-4f75-8a87-9b4579dee1c8 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:52
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://wpscan.com/vulnerability/fcf17278-609f-4f75-8a87-9b4579dee1c8 - Exploit, Third Party Advisory |
25 Jun 2021, 13:19
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:getastra:wp_hardening:*:*:*:*:*:wordpress:*:* | |
| References | (CONFIRM) https://wpscan.com/vulnerability/fcf17278-609f-4f75-8a87-9b4579dee1c8 - Exploit, Third Party Advisory | |
| CWE | CWE-79 | |
| CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
21 Jun 2021, 20:27
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-06-21 20:15
Updated : 2024-11-21 05:52
NVD link : CVE-2021-24373
Mitre link : CVE-2021-24373
CVE.ORG link : CVE-2021-24373
JSON object : View
Products Affected
getastra
- wp_hardening
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')