Vulnerability Details CVE-2021-24587
The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and escape some of its settings while outputting them in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.4%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2021-24587
-
cpe:2.3:a:zeesweb:splash_header:-
-
cpe:2.3:a:zeesweb:splash_header:1.0
-
cpe:2.3:a:zeesweb:splash_header:1.1
-
cpe:2.3:a:zeesweb:splash_header:1.10
-
cpe:2.3:a:zeesweb:splash_header:1.11
-
cpe:2.3:a:zeesweb:splash_header:1.12
-
cpe:2.3:a:zeesweb:splash_header:1.13.0
-
cpe:2.3:a:zeesweb:splash_header:1.14.0
-
cpe:2.3:a:zeesweb:splash_header:1.14.1
-
cpe:2.3:a:zeesweb:splash_header:1.14.2
-
cpe:2.3:a:zeesweb:splash_header:1.14.3
-
cpe:2.3:a:zeesweb:splash_header:1.15
-
cpe:2.3:a:zeesweb:splash_header:1.15.1
-
cpe:2.3:a:zeesweb:splash_header:1.16.0
-
cpe:2.3:a:zeesweb:splash_header:1.17.0
-
cpe:2.3:a:zeesweb:splash_header:1.17.1
-
cpe:2.3:a:zeesweb:splash_header:1.18.0
-
cpe:2.3:a:zeesweb:splash_header:1.18.1
-
cpe:2.3:a:zeesweb:splash_header:1.18.2
-
cpe:2.3:a:zeesweb:splash_header:1.19
-
cpe:2.3:a:zeesweb:splash_header:1.2
-
cpe:2.3:a:zeesweb:splash_header:1.20
-
cpe:2.3:a:zeesweb:splash_header:1.20.1
-
cpe:2.3:a:zeesweb:splash_header:1.20.2
-
cpe:2.3:a:zeesweb:splash_header:1.20.3
-
cpe:2.3:a:zeesweb:splash_header:1.20.4
-
cpe:2.3:a:zeesweb:splash_header:1.20.5
-
cpe:2.3:a:zeesweb:splash_header:1.20.6
-
cpe:2.3:a:zeesweb:splash_header:1.20.7
-
cpe:2.3:a:zeesweb:splash_header:1.3
-
cpe:2.3:a:zeesweb:splash_header:1.4
-
cpe:2.3:a:zeesweb:splash_header:1.5
-
cpe:2.3:a:zeesweb:splash_header:1.6
-
cpe:2.3:a:zeesweb:splash_header:1.8
-
cpe:2.3:a:zeesweb:splash_header:1.9