CVE-2021-24322
Description
The Database Backup for WordPress plugin before 2.4 did not escape the backup_recipient POST parameter in before output it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue.
CWE
- CWE-79 — CWE-79 Cross-site Scripting (XSS)
Affected
- Delicious Brains / Database Backup for WordPress — v=2.4 <2.4 [affected]
CVSS
- (none)
References
- https://wpscan.com/vulnerability/6bea6301-0762-45c3-a4eb-15d6ac4f9f37 x_refsource_CONFIRM
- https://m0ze.ru/vulnerability/%5B2021-04-04%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-DB-Backup-WordPress-Plugin-v2.3.3.txt x_refsource_MISC
Source
cvelistV5-main/cves/2021/24xxx/CVE-2021-24322.json