Vulnerability Details CVE-2021-24434
The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2021-24434
-
cpe:2.3:a:codeblab:glass:-
-
cpe:2.3:a:codeblab:glass:1.0
-
cpe:2.3:a:codeblab:glass:1.1
-
cpe:2.3:a:codeblab:glass:1.2
-
cpe:2.3:a:codeblab:glass:1.3
-
cpe:2.3:a:codeblab:glass:1.3.1
-
cpe:2.3:a:codeblab:glass:1.3.2