Vulnerability Details CVE-2021-36912
Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.8%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://patchstack.com/database/vulnerability/google-news-sitemap/wordpress-andrea-pernici-news-sitemap-for-google-plugin-1-0-16-authenticated-stored-cross-site-scripting-xss-vulnerability
- https://wordpress.org/plugins/google-news-sitemap/
- https://patchstack.com/database/vulnerability/google-news-sitemap/wordpress-andrea-pernici-news-sitemap-for-google-plugin-1-0-16-authenticated-stored-cross-site-scripting-xss-vulnerability
- https://wordpress.org/plugins/google-news-sitemap/
Products affected by CVE-2021-36912
-
cpe:2.3:a:google-news-sitemap_project:google-news-sitemap:-
-
cpe:2.3:a:google-news-sitemap_project:google-news-sitemap:1.0.0
-
cpe:2.3:a:google-news-sitemap_project:google-news-sitemap:1.0.1
-
cpe:2.3:a:google-news-sitemap_project:google-news-sitemap:1.0.10
-
cpe:2.3:a:google-news-sitemap_project:google-news-sitemap:1.0.11
-
cpe:2.3:a:google-news-sitemap_project:google-news-sitemap:1.0.12
-
cpe:2.3:a:google-news-sitemap_project:google-news-sitemap:1.0.15
-
cpe:2.3:a:google-news-sitemap_project:google-news-sitemap:1.0.16
-
cpe:2.3:a:google-news-sitemap_project:google-news-sitemap:1.0.2
-
cpe:2.3:a:google-news-sitemap_project:google-news-sitemap:1.0.3
-
cpe:2.3:a:google-news-sitemap_project:google-news-sitemap:1.0.5
-
cpe:2.3:a:google-news-sitemap_project:google-news-sitemap:1.0.6
-
cpe:2.3:a:google-news-sitemap_project:google-news-sitemap:1.0.7
-
cpe:2.3:a:google-news-sitemap_project:google-news-sitemap:1.0.8
-
cpe:2.3:a:google-news-sitemap_project:google-news-sitemap:1.0.9