CVE-2021-24410

The తెల�గ� బైబిల� వచనమ�ల� WordPress plugin through 1.0 is lacking any CSRF check when saving its settings and verses, and do not sanitise or escape them when outputting them back in the page. This could allow attackers to make a logged in admin change the settings, as well as add malicious verses containing JavaScript code in them, leading to Stored XSS issues
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:telugu_bible_verse_daily_project:telugu_bible_verse_daily:*:*:*:*:*:wordpress:*:*

History

23 Aug 2021, 16:47

Type Values Removed Values Added
References (MISC) https://wpscan.com/vulnerability/b47ea36e-f37c-4745-b750-31f5b91f543f - (MISC) https://wpscan.com/vulnerability/b47ea36e-f37c-4745-b750-31f5b91f543f - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 6.1
CPE cpe:2.3:a:telugu_bible_verse_daily_project:telugu_bible_verse_daily:*:*:*:*:*:wordpress:*:*

19 Aug 2021, 14:39

Type Values Removed Values Added
CWE CWE-79
CWE-352

16 Aug 2021, 11:55

Type Values Removed Values Added
New CVE

Information

Published : 2021-08-16 11:15

Updated : 2022-05-16 23:19


NVD link : CVE-2021-24410

Mitre link : CVE-2021-24410


JSON object : View

Products Affected

telugu_bible_verse_daily_project

  • telugu_bible_verse_daily
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-352

Cross-Site Request Forgery (CSRF)