CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24412

The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.2%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://wpscan.com/vulnerability/c4ed3e52-cbe0-46dc-ab43-65de78cfb225
https://wpscan.com/vulnerability/c4ed3e52-cbe0-46dc-ab43-65de78cfb225

Products affected by CVE-2021-24412

Bplugins » Html5 Audio Player » Version: N/A

cpe:2.3:a:bplugins:html5_audio_player:-
Bplugins » Html5 Audio Player » Version: 1.0

cpe:2.3:a:bplugins:html5_audio_player:1.0
Bplugins » Html5 Audio Player » Version: 1.1

cpe:2.3:a:bplugins:html5_audio_player:1.1
Bplugins » Html5 Audio Player » Version: 1.2

cpe:2.3:a:bplugins:html5_audio_player:1.2
Bplugins » Html5 Audio Player » Version: 1.3

cpe:2.3:a:bplugins:html5_audio_player:1.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24412

Products

Pricing

Contact Us