CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24556

The kento_email_subscriber_ajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the submitted subscribe_email and subscribe_name POST parameters, inserting them in the DB and then outputting them back in the Subscriber list (/wp-admin/edit.php?post_type=kes_campaign&page=kento_email_subscriber_list_settings), leading a Stored XSS issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.013

EPSS Ranking 79.0%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://codevigilant.com/disclosure/2021/wp-plugin-email-subscriber/
https://wpscan.com/vulnerability/f050aedc-f79f-4b27-acac-0cdb33b25af8
https://codevigilant.com/disclosure/2021/wp-plugin-email-subscriber/
https://wpscan.com/vulnerability/f050aedc-f79f-4b27-acac-0cdb33b25af8

Products affected by CVE-2021-24556

Email-Subscriber Project » Email-Subscriber » Version: N/A

cpe:2.3:a:email-subscriber_project:email-subscriber:-
Email-Subscriber Project » Email-Subscriber » Version: 1.1

cpe:2.3:a:email-subscriber_project:email-subscriber:1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24556

Products

Pricing

Contact Us