← back
CVE-2021-24632

Recipe Card Blocks < 2.8.1 - Reflected Cross-Site Scripting

EPSS 0.8%CWE-79
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
27 Sep 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →