CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24592

The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.2%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 3.5

References

https://wpscan.com/vulnerability/9579ff13-9597-4a77-8cb9-997e35265d22
https://wpscan.com/vulnerability/9579ff13-9597-4a77-8cb9-997e35265d22

Products affected by CVE-2021-24592

Yoohooplugins » Sitewide Notice » Version: Any

cpe:2.3:a:yoohooplugins:sitewide_notice:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24592

Products

Pricing

Contact Us