CVE-2021-24316

Mediumish <= 1.0.47 - Unauthenticated Reflected Cross-Site Scripting (XSS)

EPSS 6.4%CWE-79

Vexday Risk Score

18Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 6.4%KEV nãoPoC —Nuclei simMetasploit —Patch —

Lifecycle

01 Jun 2021Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it's 's' GET parameter before output it back the page, leading to the Cross-SIte Scripting issue.

Affected products

WowThemes · Mediumish

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e https://www.wowthemes.net/themes/mediumish-wordpress/