The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/3673e13f-7ce6-4d72-b179-ae4bab55514c | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/3673e13f-7ce6-4d72-b179-ae4bab55514c | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/3673e13f-7ce6-4d72-b179-ae4bab55514c - Exploit, Third Party Advisory |
29 Nov 2021, 20:07
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:wprssaggregator:wp_rss_aggregator:*:*:*:*:*:wordpress:*:* | |
References | (MISC) https://wpscan.com/vulnerability/3673e13f-7ce6-4d72-b179-ae4bab55514c - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 4.8 |
29 Nov 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-29 09:15
Updated : 2024-11-21 05:53
NVD link : CVE-2021-24768
Mitre link : CVE-2021-24768
CVE.ORG link : CVE-2021-24768
JSON object : View
Products Affected
wprssaggregator
- wp_rss_aggregator
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')