Vulnerability Details CVE-2021-24904
The Mortgage Calculators WP WordPress plugin before 1.56 does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.03
EPSS Ranking 86.1%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
Products affected by CVE-2021-24904
- cpe:2.3:a:lenderd:mortgage_calculators_wp:1.0
- cpe:2.3:a:lenderd:mortgage_calculators_wp:1.1
- cpe:2.3:a:lenderd:mortgage_calculators_wp:1.2
- cpe:2.3:a:lenderd:mortgage_calculators_wp:1.32
- cpe:2.3:a:lenderd:mortgage_calculators_wp:1.33
- cpe:2.3:a:lenderd:mortgage_calculators_wp:1.34
- cpe:2.3:a:lenderd:mortgage_calculators_wp:1.35
- cpe:2.3:a:lenderd:mortgage_calculators_wp:1.36
- cpe:2.3:a:lenderd:mortgage_calculators_wp:1.36.2
- cpe:2.3:a:lenderd:mortgage_calculators_wp:1.37
- cpe:2.3:a:lenderd:mortgage_calculators_wp:1.38
- cpe:2.3:a:lenderd:mortgage_calculators_wp:1.39
- cpe:2.3:a:lenderd:mortgage_calculators_wp:1.40
- cpe:2.3:a:lenderd:mortgage_calculators_wp:1.44
- cpe:2.3:a:lenderd:mortgage_calculators_wp:1.45
- cpe:2.3:a:lenderd:mortgage_calculators_wp:1.50
- cpe:2.3:a:lenderd:mortgage_calculators_wp:1.52
- cpe:2.3:a:lenderd:mortgage_calculators_wp:1.53