Vulnerability Details CVE-2021-24745
The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.1%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2021-24745
-
cpe:2.3:a:wpkube:about_author_box:*