WP-Ban ban-options.php toggle_checkbox cross site scripting
CVE-2021-4252

3.5LOW

Key Information:

Vendor: WordPress
Status: WP-ban
Vendor: CVE Published:; 18 December 2022

Summary

A vulnerability, which was classified as problematic, has been found in WP-Ban. This issue affects the function toggle_checkbox of the file ban-options.php. The manipulation of the argument $_SERVER["HTTP_USER_AGENT"] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 13e0b1e922f3aaa3f8fcb1dd6d50200dd693fd76. It is recommended to apply a patch to fix this issue. The identifier VDB-216209 was assigned to this vulnerability.

Affected Version(s)

WP-Ban

References

https://github.com/lesterchan/wp-ban/pull/11

https://github.com/lesterchan/wp-ban/commit/13e0b1e922f3a...

https://vuldb.com/?id.216209

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 18, 2022
Vulnerability Reserved
Dec 18, 2022