PT-2021-15901 · WordPress · Admin Columns

Johannes Lauinger +1 · Published 2021-07-12 · Updated 2021-07-15 · CVE-2021-24365

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Admin Columns WordPress plugin Free versions prior to 4.3.2
Admin Columns WordPress plugin Pro versions prior to 5.5.2

Description

The plugin allows configuration of individual columns for tables. A column of type "Custom Field" lets the user choose an arbitrary database column to display in the table. However, no escaping is applied to the contents of "Custom Field" columns.

Recommendations

For Admin Columns WordPress plugin Free versions prior to 4.3.2, update to version 4.3.2 or later.
For Admin Columns WordPress plugin Pro versions prior to 5.5.2, update to version 5.5.2 or later.
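
The missing escaping described above, shown as an added example that is not taken from the Admin Columns code base: a hypothetical table-cell renderer with and without output encoding, plus a check a reviewer can run over rendered cells. The function names and sample rows are constructed, and `htmlspecialchars()` stands in for WordPress's `esc_html()` so the snippet runs outside WordPress.

```php
<?php
// Added illustration, not plugin source. All function names are hypothetical.

// Constructed sample rows, as a "Custom Field" column would read them from the database.
$post_meta = [
    ['post_id' => 1, 'meta_key' => 'subtitle', 'meta_value' => 'Release notes & fixes'],
    ['post_id' => 2, 'meta_key' => 'subtitle', 'meta_value' => '<script>alert(1)</script>'],
];

// Behaviour the advisory describes: the stored value goes into the cell as-is.
function render_cell_unescaped(string $value): string
{
    return '<td class="column-custom-field">' . $value . '</td>';
}

// Hardened form: encode on output, so stored markup is displayed as text.
// Inside WordPress the equivalent call is esc_html($value).
function render_cell_escaped(string $value): string
{
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<td class="column-custom-field">' . $safe . '</td>';
}

// Review check: after stripping the <td> wrapper, a correctly encoded cell
// can never contain a raw angle bracket.
function cell_contains_markup(string $cell_html): bool
{
    $inner = preg_replace('#^<td[^>]*>|</td>$#', '', $cell_html);
    return strpbrk($inner, '<>') !== false;
}

foreach ($post_meta as $row) {
    $before = render_cell_unescaped($row['meta_value']);
    $after  = render_cell_escaped($row['meta_value']);
    printf(
        "post %d: unescaped cell has markup=%s, escaped cell has markup=%s\n",
        $row['post_id'],
        var_export(cell_contains_markup($before), true),
        var_export(cell_contains_markup($after), true)
    );
}
```

Only the second row's unescaped cell is flagged; both escaped cells pass, and the ampersand in the first row is rendered as `&amp;` rather than being dropped.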

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-24365

Affected Products

Admin Columns