CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24477

The Migrate Users WordPress plugin through 1.0.1 does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its options, allowing the issue to be exploited via a CSRF attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.1%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://wpscan.com/vulnerability/7915070f-1d9b-43c3-b01e-fec35f633a4d
https://wpscan.com/vulnerability/7915070f-1d9b-43c3-b01e-fec35f633a4d

Products affected by CVE-2021-24477

Migrate Users Project » Migrate Users » Version: N/A

cpe:2.3:a:migrate_users_project:migrate_users:-
Migrate Users Project » Migrate Users » Version: 1.0.1

cpe:2.3:a:migrate_users_project:migrate_users:1.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24477

Products

Pricing

Contact Us