Vulnerability Details CVE-2021-4252
A vulnerability, which was classified as problematic, has been found in WP-Ban. This issue affects the function toggle_checkbox of the file ban-options.php. The manipulation of the argument $_SERVER["HTTP_USER_AGENT"] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 13e0b1e922f3aaa3f8fcb1dd6d50200dd693fd76. It is recommended to apply a patch to fix this issue. The identifier VDB-216209 was assigned to this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.1%
CVSS Severity
CVSS v3 Score 3.5
References
- https://github.com/lesterchan/wp-ban/commit/13e0b1e922f3aaa3f8fcb1dd6d50200dd693fd76
- https://github.com/lesterchan/wp-ban/pull/11
- https://vuldb.com/?id.216209
- https://github.com/lesterchan/wp-ban/commit/13e0b1e922f3aaa3f8fcb1dd6d50200dd693fd76
- https://github.com/lesterchan/wp-ban/pull/11
- https://vuldb.com/?id.216209
Products affected by CVE-2021-4252
-
cpe:2.3:a:wp-ban_project:wp-ban:-
-
cpe:2.3:a:wp-ban_project:wp-ban:1.00
-
cpe:2.3:a:wp-ban_project:wp-ban:1.10
-
cpe:2.3:a:wp-ban_project:wp-ban:1.11
-
cpe:2.3:a:wp-ban_project:wp-ban:1.20
-
cpe:2.3:a:wp-ban_project:wp-ban:1.30
-
cpe:2.3:a:wp-ban_project:wp-ban:1.31
-
cpe:2.3:a:wp-ban_project:wp-ban:1.40
-
cpe:2.3:a:wp-ban_project:wp-ban:1.50
-
cpe:2.3:a:wp-ban_project:wp-ban:1.60
-
cpe:2.3:a:wp-ban_project:wp-ban:1.61
-
cpe:2.3:a:wp-ban_project:wp-ban:1.62
-
cpe:2.3:a:wp-ban_project:wp-ban:1.63
-
cpe:2.3:a:wp-ban_project:wp-ban:1.64
-
cpe:2.3:a:wp-ban_project:wp-ban:1.65
-
cpe:2.3:a:wp-ban_project:wp-ban:1.66
-
cpe:2.3:a:wp-ban_project:wp-ban:1.67
-
cpe:2.3:a:wp-ban_project:wp-ban:1.68
-
cpe:2.3:a:wp-ban_project:wp-ban:1.69
-
cpe:2.3:a:wp-ban_project:wp-ban:1.69.1