Per Page Add to Head <= 1.4.4 - Authenticated Stored XSS
CVE-2021-24619

4.8MEDIUM

Key Information:

Vendor: Wordpress
Status: Per Page Add To Head
Vendor: CVE Published:; 13 September 2021

What is CVE-2021-24619?

The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues.

Affected Version(s)

Per page add to head 1.4.4

References

https://wpscan.com/vulnerability/f360f383-0646-44ca-b49e-...

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 13, 2021
Vulnerability Reserved
Jan 14, 2021

Credit

Prashant Karman Patel