CVE-2021-24611 — MEDIUM (5.4)

Q: How severe is CVE-2021-24611?

CVE-2021-24611 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-24611?

Check the references section above for vendor advisories and patch information. Affected products include: Keyword Meta Project Keyword Meta.

Vulnerability Description

The Keyword Meta WordPress plugin through 3.0 does not sanitise of escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues. Furthermore, it is also lacking any CSRF check, allowing attacker to make a logged in high privilege user save arbitrary setting via a CSRF attack.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Keyword Meta Project	Keyword Meta	<= 3.0

Related Weaknesses (CWE)

CWE-79 CWE-352

References

https://wpscan.com/vulnerability/b4a2e595-6971-4a2a-a346-ac4445a5e0cdExploitThird Party Advisory
https://wpscan.com/vulnerability/b4a2e595-6971-4a2a-a346-ac4445a5e0cdExploitThird Party Advisory

FAQ

What is CVE-2021-24611?

CVE-2021-24611 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Keyword Meta WordPress plugin through 3.0 does not sanitise of escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues. Furthermo...

How severe is CVE-2021-24611?

CVE-2021-24611 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-24611?

Check the references section above for vendor advisories and patch information. Affected products include: Keyword Meta Project Keyword Meta.