Podcast Subscribe Buttons < 1.4.2 - Contributor+ Stored XSS
CVE-2021-24743

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Podcast Subscribe Buttons
Vendor: CVE Published:; 18 October 2021

Summary

The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows users with any role capable of editing or adding posts to perform stored XSS.

Affected Version(s)

Podcast Subscribe Buttons 1.4.2

References

https://wpscan.com/vulnerability/998395f0-f176-45b9-baf7-...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 18, 2021
Vulnerability Reserved
Jan 14, 2021

Credit

apple502j

.