CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24428

The RSS for Yandex Turbo WordPress plugin through 1.30 does not sanitise or escape some of its settings before saving and outputing them in the admin dashboard, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.1%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 3.5

References

https://m0ze.ru/vulnerability/%5B2021-04-23%5D-%5BWordPress%5D-%5BCWE-79%5D-RSS-for-Yandex-Turbo-WordPress-Plugin-v1.30.txt
https://wpscan.com/vulnerability/9fcf6ebe-01d9-4730-a20e-58b192bb6d87
https://m0ze.ru/vulnerability/%5B2021-04-23%5D-%5BWordPress%5D-%5BCWE-79%5D-RSS-for-Yandex-Turbo-WordPress-Plugin-v1.30.txt
https://wpscan.com/vulnerability/9fcf6ebe-01d9-4730-a20e-58b192bb6d87

Products affected by CVE-2021-24428

Yandex » Yandex Turbo » Version: Any

cpe:2.3:a:yandex:yandex_turbo:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24428

Products

Pricing

Contact Us