Vulnerability Description
The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and CSRF checks on some of its AJAX actions (available to authenticated users), which could allow any authenticated users, such as subscriber to call them, and perform Stored Cross-Site Scripting attacks against logged in admin, as well as frontend users due to the lack of sanitisation and escaping in some parameters
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Stylishcostcalculator | Stylish Cost Calculator | < 7.0.4 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/db84a782-d4c8-4abf-99ea-ea672a9b806eExploitThird Party Advisory
- https://wpscan.com/vulnerability/db84a782-d4c8-4abf-99ea-ea672a9b806eExploitThird Party Advisory
FAQ
What is CVE-2021-24822?
CVE-2021-24822 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and CSRF checks on some of its AJAX actions (available to authenticated users), which could allow any authenti...
How severe is CVE-2021-24822?
CVE-2021-24822 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24822?
Check the references section above for vendor advisories and patch information. Affected products include: Stylishcostcalculator Stylish Cost Calculator.