Vulnerability Description
The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trumani | Stop Spammers | < 2021.9 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/162623/WordPress-Stop-Spammers-2021.8-CrossExploitThird Party AdvisoryVDB Entry
- https://wpscan.com/vulnerability/5e7accd6-08dc-4c6e-9d19-73e2d7e97735ExploitThird Party Advisory
- http://packetstormsecurity.com/files/162623/WordPress-Stop-Spammers-2021.8-CrossExploitThird Party AdvisoryVDB Entry
- https://wpscan.com/vulnerability/5e7accd6-08dc-4c6e-9d19-73e2d7e97735ExploitThird Party Advisory
FAQ
What is CVE-2021-24245?
CVE-2021-24245 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags,...
How severe is CVE-2021-24245?
CVE-2021-24245 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24245?
Check the references section above for vendor advisories and patch information. Affected products include: Trumani Stop Spammers.