WordPress Related Posts <= 3.6.4 - Authenticated Stored Cross-Site Scripting (XSS)
CVE-2021-24211

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: WordPress Related Posts
Vendor: CVE Published:; 5 April 2021

Summary

The WordPress Related Posts plugin through 3.6.4 contains an authenticated (admin+) stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to execute JavaScript code in the user's browser.

Affected Version(s)

WordPress Related Posts 3.6.4

References

https://wpscan.com/vulnerability/37e0a033-3dee-476d-ae86-...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 5, 2021
Vulnerability Reserved
Jan 14, 2021

Credit

Ganesh Bagaria