CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24301

The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable to Stored Cross-Site Scripting (XSS) in the 'hotjar script' textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by administrator users.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.8%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://wpscan.com/vulnerability/eb8e2b9d-f153-49c9-862a-5c016934f9ad
https://wpscan.com/vulnerability/eb8e2b9d-f153-49c9-862a-5c016934f9ad

Products affected by CVE-2021-24301

Bluemedicinelabs » Hotjar Connecticator » Version: N/A

cpe:2.3:a:bluemedicinelabs:hotjar_connecticator:-
Bluemedicinelabs » Hotjar Connecticator » Version: 1.1.1

cpe:2.3:a:bluemedicinelabs:hotjar_connecticator:1.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24301

Products

Pricing

Contact Us