CVE-2021-24424

State: PUBLISHED · Published: 2021-07-12 · Updated: 2024-08-03 · Assigner: WPScan

Description

The WP Reset – Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue

CWE

CWE-79 — CWE-79 Cross-site Scripting (XSS)

Affected

Unknown / WP Reset – Most Advanced WordPress Reset Tool — v=1.90 <1.90 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/90cf8f9d-4d37-405d-b161-239bdb281828 x_refsource_CONFIRM
https://m0ze.ru/vulnerability/%5B2021-05-26%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Reset-WordPress-Plugin-v1.86.txt x_refsource_MISC

Source

cvelistV5-main/cves/2021/24xxx/CVE-2021-24424.json