1. Home
  2. CVE Database
  3. CVE-2021-24545
MEDIUM · 5.4

CVE-2021-24545

The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visit a...

Vulnerability Description

The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visit a post in the frontend made by such user. As a result, user with a role as low as author could perform Cross-Site Scripting attacks against users, which could potentially lead to privilege escalation when an admin view the related post/s.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
Wp Html Author Bio ProjectWp Html Author Bio<= 1.2.0

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2021-24545?

CVE-2021-24545 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visit a...

How severe is CVE-2021-24545?

CVE-2021-24545 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-24545?

Check the references section above for vendor advisories and patch information. Affected products include: Wp Html Author Bio Project Wp Html Author Bio.