CVE-2021-25044

The Cryptocurrency Pricing list and Ticker WordPress plugin through 1.5 does not sanitise and escape the ccpw_setpage parameter before outputting it back in pages where its shortcode is embed, leading to a Reflected Cross-Site Scripting issue
Configurations

Configuration 1 (hide)

cpe:2.3:a:premium-themes:cryptocurrency_pricing_list_and_ticker:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 05:54

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/dc1507c1-8894-4ab6-b25f-c5e26a425b03 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/dc1507c1-8894-4ab6-b25f-c5e26a425b03 - Exploit, Third Party Advisory

11 Oct 2022, 18:36

Type Values Removed Values Added
New CVE

Information

Published : 2022-10-10 21:15

Updated : 2024-11-21 05:54


NVD link : CVE-2021-25044

Mitre link : CVE-2021-25044

CVE.ORG link : CVE-2021-25044


JSON object : View

Products Affected

premium-themes

  • cryptocurrency_pricing_list_and_ticker
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')