PT-2021-16065 · WordPress · Wp Html Author Bio
Author: Veshraj Ghimire
Published: 2021-10-11 · Updated: 2021-10-15
CVE: CVE-2021-24545
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WP HTML Author Bio WordPress plugin versions 1.2.0 and earlier
Description
The issue allows users with a role as low as Author to perform Cross-Site Scripting attacks against other users by injecting malicious JavaScript code into their bio; the code is executed when anyone visits a post made by such a user. This could lead to privilege escalation when an admin views the related post.
Recommendations
For WP HTML Author Bio WordPress plugin versions 1.2.0 and earlier, consider disabling the bio feature for users until a patch is available, so that injected JavaScript is not rendered. Restrict access to the plugin's functionality to minimize the risk of exploitation.
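As an added illustration (not the plugin's own code), this is the allowlist-style output and save filtering that keeps a bio from carrying script. Function names are hypothetical, and it assumes the bio is stored in the standard WordPress user 'description' field.

```php
<?php
// Added example, not the plugin's code: render an author bio through an explicit
// HTML allowlist so script content injected by an Author-role user is stripped.

/**
 * Allowlist of HTML permitted in a bio (assumed policy; adjust as needed).
 * Script-capable constructs (script, iframe, on* handlers) are excluded simply
 * by not being listed.
 */
function example_bio_allowed_html() {
    return array(
        'a'      => array( 'href' => true, 'title' => true, 'rel' => true ),
        'strong' => array(),
        'em'     => array(),
        'p'      => array(),
        'br'     => array(),
    );
}

/**
 * Sanitize raw bio HTML. wp_kses() removes disallowed tags and attributes and
 * rejects unsafe URL schemes in href (e.g. javascript:) via its protocol check.
 */
function example_sanitize_bio( $raw_bio ) {
    return wp_kses( $raw_bio, example_bio_allowed_html() );
}

// Filter at output: get_the_author_meta( 'description' ) applies this core filter
// wherever a theme prints the bio.
add_filter( 'get_the_author_description', 'example_sanitize_bio' );

// Filter at save as well, so stored data is clean: pre_user_description is the
// core filter applied to the description field before it is written.
add_filter( 'pre_user_description', 'example_sanitize_bio' );
```

Filtering on both paths means a bio saved before the filter was installed is still neutralised when displayed.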
Tags: XSS
Affected Products: Wp Html Author Bio