CVE-2021-24180

Related Posts for WordPress < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS)

EPSS 0.6%CWE-79

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

05 Apr 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL.

Affected products

Unknown · Related Posts for WordPress

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/7593d5c8-cbc2-4469-b36b-5d4fb6d49718