The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/aa23f743-811b-4fd1-81a9-42916342e312 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
28 Jul 2022, 11:40
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 |
28 Oct 2021, 14:28
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://wpscan.com/vulnerability/aa23f743-811b-4fd1-81a9-42916342e312 - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
CPE | cpe:2.3:a:jquery-reply-to-comment_project:jquery-reply-to-comment:*:*:*:*:*:wordpress:*:* |
25 Oct 2021, 15:34
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-10-25 14:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-24543
Mitre link : CVE-2021-24543
CVE.ORG link : CVE-2021-24543
JSON object : View
Products Affected
jquery-reply-to-comment_project
- jquery-reply-to-comment