PT-2021-15954 · WordPress · Wp Reset

M0Ze

Published

2021-07-12

Updated

2021-07-15

CVE-2021-24424

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions The WP Reset – Most Advanced WordPress Reset Tool version prior to 1.90

Description The issue is related to an authenticated Stored Cross-Site Scripting problem. This occurs because the extra data parameter is not properly sanitised or escaped when creating a snapshot via the admin dashboard.

Recommendations For versions prior to 1.90, update to version 1.90 or later to resolve the issue. As a temporary workaround, consider restricting access to the snapshot creation feature in the admin dashboard until the update is applied. Avoid using the extra data parameter in the affected functionality until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-24424

Affected Products

Wp Reset

PT-2021-15954 · WordPress · Wp Reset

CVE-2021-24424

Weakness Enumeration

Related Identifiers

Affected Products

References · 5