Vikas Srivastava

#16567of 53,633
16.2Total CVSS
Vulnerabilities · 3
Medium
3
PT-2024-10892
5.4
2024-01-16
WordPress · The Simple Post · CVE-2021-24567
**Name of the Vulnerable Software and Affected Versions** The Simple Post WordPress plugin versions through 1.1 **Description** The issue arises from the plugin's failure to sanitize user input when an authenticated user provides a Text value. As a result, these values are not escaped when outputted to the browser, leading to an Authenticated Stored XSS Cross-Site Scripting issue. **Recommendations** For The Simple Post WordPress plugin versions through 1.1, update to a version that addresses this issue, as the current version does not properly sanitize user input, leading to potential XSS attacks.
PT-2021-16059
5.4
2021-08-16
WordPress · The Current Book Wordpress Plugin · CVE-2021-24538
**Name of the Vulnerable Software and Affected Versions** The Current Book WordPress plugin versions 1.0.1 and earlier **Description** The issue arises from the plugin's failure to sanitize user input when an authenticated user adds an Author or Book Title. This lack of sanitization, combined with the failure to escape these values when outputting to the browser, leads to an Authenticated Stored XSS Cross-Site Scripting issue. **Recommendations** For versions 1.0.1 and earlier, update to a version that properly sanitizes user input and escapes output values to prevent XSS attacks. As a temporary workaround, consider restricting the ability of authenticated users to add Author or Book Title entries until a patch is available.
PT-2021-16068
5.4
2021-08-16
WordPress · Mimetic Books · CVE-2021-24548
**Name of the Vulnerable Software and Affected Versions** Mimetic Books WordPress plugin versions 0.2.13 and earlier **Description** The issue concerns Authenticated Stored Cross-Site Scripting (XSS) in the `Default Publisher ID` field on the plugin's settings page. This allows for malicious script execution when a user with authentication accesses the affected page. **Recommendations** For Mimetic Books WordPress plugin versions 0.2.13 and earlier, update to a version later than 0.2.13 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings page to minimize the risk of exploitation. Avoid using the `Default Publisher ID` field until the issue is resolved.