Vulnerability Details : CVE-2021-24543
Potential exploit
The jQuery Reply to Comment WordPress plugin through 1.31 has no CSRF check when saving its settings, and it does not sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in comments. An attacker who gets a logged-in administrator to submit a forged settings form can therefore store a script payload in those settings, which then executes in the browser of anyone viewing the comments (Stored Cross-Site Scripting).
Vulnerability category: Cross-site scripting (XSS); Cross-site request forgery (CSRF)
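The two root causes in the description, a settings save with no CSRF check and settings echoed without escaping, are easiest to see side by side. The following is an added illustrative example, not code from the jQuery Reply to Comment plugin: a hypothetical WordPress settings handler in the vulnerable shape next to a hardened version that uses the WordPress nonce, capability, sanitisation and escaping APIs. The option and form field names (jrtc_quote_string, jrtc_reply_string, jrtc_nonce) and the function names are assumptions.

```php
<?php
// Added illustrative example, not the plugin's own code. Option, field
// and function names are assumptions chosen for the example.

// --- Vulnerable pattern (the shape described in the advisory) -----------
// Any POST reaching this handler overwrites the options: a form on an
// attacker's site makes the admin's browser send it with the admin's
// WordPress cookies attached, and nothing proves the admin intended it.
function jrtc_save_settings_vulnerable() {
    if ( isset( $_POST['jrtc_quote_string'], $_POST['jrtc_reply_string'] ) ) {
        update_option( 'jrtc_quote_string', $_POST['jrtc_quote_string'] );
        update_option( 'jrtc_reply_string', $_POST['jrtc_reply_string'] );
    }
}

function jrtc_render_reply_link_vulnerable( $comment_id ) {
    $reply = get_option( 'jrtc_reply_string' );
    // Stored XSS: a "<script>...</script>" saved above is emitted verbatim
    // into the page for every visitor who views the comments.
    echo '<a href="#" class="jrtc-reply" data-comment="' . $comment_id . '">' . $reply . '</a>';
}

// --- Hardened pattern ---------------------------------------------------
function jrtc_render_settings_form() {
    echo '<form method="post">';
    wp_nonce_field( 'jrtc_save_settings', 'jrtc_nonce' ); // anti-CSRF token
    echo '<input type="text" name="jrtc_quote_string" value="'
        . esc_attr( get_option( 'jrtc_quote_string', 'Quote' ) ) . '">';
    echo '<input type="text" name="jrtc_reply_string" value="'
        . esc_attr( get_option( 'jrtc_reply_string', 'Reply' ) ) . '">';
    echo '<input type="submit" value="Save">';
    echo '</form>';
}

function jrtc_save_settings_hardened() {
    if ( ! isset( $_POST['jrtc_quote_string'], $_POST['jrtc_reply_string'] ) ) {
        return;
    }
    // Authorisation: only users allowed to manage options may save them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // CSRF: the nonce is bound to the user's session and to this action,
    // so a cross-site form post cannot supply a valid one; on failure
    // check_admin_referer() stops execution.
    check_admin_referer( 'jrtc_save_settings', 'jrtc_nonce' );

    // Input sanitisation: strip tags, invalid octets and line breaks.
    update_option( 'jrtc_quote_string', sanitize_text_field( wp_unslash( $_POST['jrtc_quote_string'] ) ) );
    update_option( 'jrtc_reply_string', sanitize_text_field( wp_unslash( $_POST['jrtc_reply_string'] ) ) );
}

function jrtc_render_reply_link_hardened( $comment_id ) {
    $reply = get_option( 'jrtc_reply_string', 'Reply' );
    // Output escaping for the HTML text context the value lands in: even if
    // a bad value reached the database, it renders as literal text.
    printf(
        '<a href="#" class="jrtc-reply" data-comment="%d">%s</a>',
        (int) $comment_id,
        esc_html( $reply )
    );
}

// Wiring for the hardened version (hook names are real WordPress hooks).
add_action( 'admin_init', 'jrtc_save_settings_hardened' );
```

In the hardened version the nonce is what closes the CSRF hole: a page on another origin can make the victim's browser send the admin's cookies, but it cannot read or forge the per-user, per-action token, so check_admin_referer() rejects the forged request. Escaping at output (esc_html()) is kept even though input is sanitised, because whether a value is safe depends on the context it is rendered into, and the database may already hold values saved before the fix.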
Products affected by CVE-2021-24543
- Jquery-reply-to-comment Project » Jquery-reply-to-comment » For WordPress, versions up to and including (<=) 1.31
  CPE: cpe:2.3:a:jquery-reply-to-comment_project:jquery-reply-to-comment:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-24543
EPSS score: 0.11% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~30% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-24543
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST |
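Added example, not part of the original page: a PHP re-computation of the two base scores in the table from their vectors, using the published CVSS v2 and v3.1 base equations and metric weights, so the Exploitability and Impact sub-scores can be verified rather than taken on trust.

```php
<?php
// Added example, not from the original page or from NVD. Recomputes the
// CVSS v2 and v3.1 base scores for CVE-2021-24543 from their vectors.
// Weights are the published constants from the two specifications.

function cvss2_score( string $vector ): array {
    $w = [
        'AV' => [ 'L' => 0.395, 'A' => 0.646, 'N' => 1.0 ],
        'AC' => [ 'H' => 0.35, 'M' => 0.61, 'L' => 0.71 ],
        'Au' => [ 'M' => 0.45, 'S' => 0.56, 'N' => 0.704 ],
        'C'  => [ 'N' => 0.0, 'P' => 0.275, 'C' => 0.660 ],
        'I'  => [ 'N' => 0.0, 'P' => 0.275, 'C' => 0.660 ],
        'A'  => [ 'N' => 0.0, 'P' => 0.275, 'C' => 0.660 ],
    ];
    $m = [];
    foreach ( explode( '/', $vector ) as $part ) {
        [ $k, $v ] = explode( ':', $part );
        $m[ $k ] = $w[ $k ][ $v ];
    }
    $impact  = 10.41 * ( 1 - ( 1 - $m['C'] ) * ( 1 - $m['I'] ) * ( 1 - $m['A'] ) );
    $exploit = 20 * $m['AV'] * $m['AC'] * $m['Au'];
    $f       = ( $impact == 0 ) ? 0 : 1.176; // f(Impact) from the v2 equation
    $base    = round( ( 0.6 * $impact + 0.4 * $exploit - 1.5 ) * $f, 1 );
    return [ 'base' => $base, 'exploitability' => round( $exploit, 1 ), 'impact' => round( $impact, 1 ) ];
}

// CVSS v3.1 "Roundup": round up to one decimal, using the integer trick
// from the specification to avoid floating-point surprises.
function cvss31_roundup( float $x ): float {
    $i = (int) round( $x * 100000 );
    if ( $i % 10000 === 0 ) {
        return $i / 100000;
    }
    return ( floor( $i / 10000 ) + 1 ) / 10;
}

function cvss31_score( string $vector ): array {
    $w = [
        'AV' => [ 'N' => 0.85, 'A' => 0.62, 'L' => 0.55, 'P' => 0.2 ],
        'AC' => [ 'L' => 0.77, 'H' => 0.44 ],
        'UI' => [ 'N' => 0.85, 'R' => 0.62 ],
        'C'  => [ 'H' => 0.56, 'L' => 0.22, 'N' => 0.0 ],
        'I'  => [ 'H' => 0.56, 'L' => 0.22, 'N' => 0.0 ],
        'A'  => [ 'H' => 0.56, 'L' => 0.22, 'N' => 0.0 ],
    ];
    $m = [];
    foreach ( explode( '/', $vector ) as $part ) {
        [ $k, $v ] = explode( ':', $part ); // the leading "CVSS:3.1" part is harmless here
        $m[ $k ] = $v;
    }
    $changed = ( $m['S'] === 'C' );
    // The Privileges Required weight depends on Scope.
    $pr = [ 'N' => 0.85, 'L' => $changed ? 0.68 : 0.62, 'H' => $changed ? 0.5 : 0.27 ][ $m['PR'] ];

    $iss     = 1 - ( 1 - $w['C'][ $m['C'] ] ) * ( 1 - $w['I'][ $m['I'] ] ) * ( 1 - $w['A'][ $m['A'] ] );
    $impact  = $changed
        ? 7.52 * ( $iss - 0.029 ) - 3.25 * pow( $iss - 0.02, 15 )
        : 6.42 * $iss;
    $exploit = 8.22 * $w['AV'][ $m['AV'] ] * $w['AC'][ $m['AC'] ] * $pr * $w['UI'][ $m['UI'] ];

    if ( $impact <= 0 ) {
        $base = 0.0;
    } elseif ( $changed ) {
        $base = cvss31_roundup( min( 1.08 * ( $impact + $exploit ), 10 ) );
    } else {
        $base = cvss31_roundup( min( $impact + $exploit, 10 ) );
    }
    return [ 'base' => $base, 'exploitability' => round( $exploit, 1 ), 'impact' => round( $impact, 1 ) ];
}

// The two vectors from the table above.
print_r( cvss2_score( 'AV:N/AC:M/Au:N/C:N/I:P/A:N' ) );
print_r( cvss31_score( 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N' ) );
```

The v2 vector yields base 4.3 with exploitability 8.6 and impact 2.9, and the v3.1 vector yields 6.1 with 2.8 and 2.7, matching the table. Two v3.1 details are visible in the code: the Privileges Required weight changes when Scope is Changed, and Scope: Changed also multiplies the sum of the sub-scores by 1.08, which is why the base score (6.1) is higher than Impact plus Exploitability (5.5) for this CVE.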
CWE ids for CVE-2021-24543
- CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: contact@wpscan.com (Primary), nvd@nist.gov (Secondary)
- CWE-352: The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. Assigned by: contact@wpscan.com (Primary), nvd@nist.gov (Secondary)
References for CVE-2021-24543
- https://wpscan.com/vulnerability/aa23f743-811b-4fd1-81a9-42916342e312 (Exploit; Third Party Advisory)