Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2021-24159

Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
Products affected by CVE-2021-24159


Contact Us

Shodan ® - All rights reserved