The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/mmu_admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.4.
References
| Link | Resource |
|---|---|
| https://plugins.trac.wordpress.org/browser/media-usage/trunk/mmu_admin.php#L91 | Exploit Third Party Advisory |
| https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34652 | Exploit Third Party Advisory |
Configurations
History
23 Aug 2021, 20:12
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:meowapps:media_usage:*:*:*:*:*:wordpress:*:* | |
| CWE | CWE-79 | |
| CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
| References | (MISC) https://plugins.trac.wordpress.org/browser/media-usage/trunk/mmu_admin.php#L91 - Exploit, Third Party Advisory | |
| References | (MISC) https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34652 - Exploit, Third Party Advisory |
16 Aug 2021, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-08-16 19:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-34652
Mitre link : CVE-2021-34652
CVE.ORG link : CVE-2021-34652
JSON object : View
Products Affected
meowapps
- media_usage
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')