CVE-2021-24481 — MEDIUM (4.8)

Q: How severe is CVE-2021-24481?

CVE-2021-24481 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-24481?

Check the references section above for vendor advisories and patch information. Affected products include: Any Hostname Project Any Hostname.

Vulnerability Description

The Any Hostname WordPress plugin through 1.0.6 does not sanitise or escape its "Allowed hosts" setting, leading to an authenticated stored XSS issue as high privilege users are able to set XSS payloads in it

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Any Hostname Project	Any Hostname	<= 1.0.6

Related Weaknesses (CWE)

CWE-79

References

https://wpscan.com/vulnerability/a4c352de-9815-4dfe-ac51-65b5bfb37438ExploitThird Party Advisory
https://wpscan.com/vulnerability/a4c352de-9815-4dfe-ac51-65b5bfb37438ExploitThird Party Advisory

FAQ

What is CVE-2021-24481?

CVE-2021-24481 is a vulnerability with a CVSS score of 4.8 (MEDIUM). The Any Hostname WordPress plugin through 1.0.6 does not sanitise or escape its "Allowed hosts" setting, leading to an authenticated stored XSS issue as high privilege users are able to set XSS payloa...

How severe is CVE-2021-24481?

CVE-2021-24481 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-24481?

Check the references section above for vendor advisories and patch information. Affected products include: Any Hostname Project Any Hostname.