Vulnerability Description
The TaxoPress – Create and Manage Taxonomies, Tags, Categories WordPress plugin before 3.0.7.2 does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payload in them even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Taxopress | Taxopress | < 3.0.7.2 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/164604/WordPress-TaxoPress-3.0.7.1-Cross-SiThird Party AdvisoryVDB Entry
- https://wpscan.com/vulnerability/a31321fe-adc6-4480-a220-35aedca52b8bExploitThird Party Advisory
- http://packetstormsecurity.com/files/164604/WordPress-TaxoPress-3.0.7.1-Cross-SiThird Party AdvisoryVDB Entry
- https://wpscan.com/vulnerability/a31321fe-adc6-4480-a220-35aedca52b8bExploitThird Party Advisory
FAQ
What is CVE-2021-24444?
CVE-2021-24444 is a vulnerability with a CVSS score of 4.8 (MEDIUM). The TaxoPress – Create and Manage Taxonomies, Tags, Categories WordPress plugin before 3.0.7.2 does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payload...
How severe is CVE-2021-24444?
CVE-2021-24444 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24444?
Check the references section above for vendor advisories and patch information. Affected products include: Taxopress Taxopress.