CVE-2021-33851

EPSS 1.3% | CWE-79
Vexday Risk Score
18 Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS EPSS 1.3% | KEV no | PoC Nuclei yes | Metasploit Patch
Lifecycle
09 Mar 2022: Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin.