CVE-2021-24619

{"id": "CVE-2021-24619", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2021-09-13T18:15:17.507", "references": [{"url": "https://wpscan.com/vulnerability/f360f383-0646-44ca-b49e-e2258dfbf3a6", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/f360f383-0646-44ca-b49e-e2258dfbf3a6", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues."}, {"lang": "es", "value": "El plugin de WordPress Per page add to head versiones hasta 1.4.4, no sanea apropiadamente uno de sus par\u00e1metros, permitiendo ser insertado un HTML malicioso por parte de usuarios con altos privilegios incluso cuando la capacidad unfiltered_html est\u00e1 deshabilitada, lo que podr\u00eda conllevar a problemas de tipo Cross-Site Scripting"}], "lastModified": "2024-11-21T05:53:25.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:evona:per_page_add_to_head:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "F3E53654-DC2B-4EF5-B865-CA102F10D2F6", "versionEndIncluding": "1.4.4"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}