CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24897

The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field (available only with classic editor) when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.0%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://wpscan.com/vulnerability/a0dd1da8-f8d2-453d-a2f2-711a49fb6466
https://wpscan.com/vulnerability/a0dd1da8-f8d2-453d-a2f2-711a49fb6466

Products affected by CVE-2021-24897

Viitorcloud » Add Subtitle » Version: N/A

cpe:2.3:a:viitorcloud:add_subtitle:-
Viitorcloud » Add Subtitle » Version: 1.1.0

cpe:2.3:a:viitorcloud:add_subtitle:1.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24897

Products

Pricing

Contact Us