Vulnerability Description
The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wpzoom | Recipe Card Blocks For Gutenberg \& Elementor | < 2.8.1 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/55cd6d5e-92c1-407a-8c0f-f89d415ebb66ExploitThird Party Advisory
- https://wpscan.com/vulnerability/55cd6d5e-92c1-407a-8c0f-f89d415ebb66ExploitThird Party Advisory
FAQ
What is CVE-2021-24632?
CVE-2021-24632 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
How severe is CVE-2021-24632?
CVE-2021-24632 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24632?
Check the references section above for vendor advisories and patch information. Affected products include: Wpzoom Recipe Card Blocks For Gutenberg \& Elementor.