Recipe Card Blocks < 2.8.3 - Contributor+ Stored Cross-Site Scripting
CVE-2021-24634

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Recipe Card Blocks By WPzoom
Vendor: CVE Published:; 27 September 2021

What is CVE-2021-24634?

The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does not properly sanitise or escape some of the properties of the Recipe Card Block (such as ingredientsLayout, iconSet, steps, ingredients, recipeTitle, or settings), which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.

Affected Version(s)

Recipe Card Blocks by WPZOOM 2.8.3

References

https://wpscan.com/vulnerability/a49c5a5b-57c0-4801-8bf1-...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2021
Vulnerability Reserved
Jan 14, 2021

Credit

apple502j