Vulnerability Description
The తెలుగు బైబిల్ వచనములు WordPress plugin through 1.0 is lacking any CSRF check when saving its settings and verses, and do not sanitise or escape them when outputting them back in the page. This could allow attackers to make a logged in admin change the settings, as well as add malicious verses containing JavaScript code in them, leading to Stored XSS issues
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Telugu Bible Verse Daily Project | Telugu Bible Verse Daily | <= 1.0 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/b47ea36e-f37c-4745-b750-31f5b91f543fExploitThird Party Advisory
- https://wpscan.com/vulnerability/b47ea36e-f37c-4745-b750-31f5b91f543fExploitThird Party Advisory
FAQ
What is CVE-2021-24410?
CVE-2021-24410 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The తెలుగు బైబిల్ వచనములు WordPress plugin through 1.0 is lacking any CSRF check when saving its settings and verses, and do not sanitise or escape them when outputting them back in the page. This cou...
How severe is CVE-2021-24410?
CVE-2021-24410 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24410?
Check the references section above for vendor advisories and patch information. Affected products include: Telugu Bible Verse Daily Project Telugu Bible Verse Daily.