Vulnerability Description
The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mooveagency | Select All Categories And Taxonomies\, Change Checkbox To Radio Buttons | < 1.3.2 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/164327/WordPress-Select-All-Categories-And-ExploitThird Party AdvisoryVDB Entry
- https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdfExploitThird Party Advisory
- http://packetstormsecurity.com/files/164327/WordPress-Select-All-Categories-And-ExploitThird Party AdvisoryVDB Entry
- https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdfExploitThird Party Advisory
FAQ
What is CVE-2021-24287?
CVE-2021-24287 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, lea...
How severe is CVE-2021-24287?
CVE-2021-24287 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24287?
Check the references section above for vendor advisories and patch information. Affected products include: Mooveagency Select All Categories And Taxonomies\, Change Checkbox To Radio Buttons.