PT-2021-16068 · WordPress · Mimetic Books

Vikas Srivastava · Published 2021-08-16 · Updated 2021-08-23 · CVE-2021-24548

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Mimetic Books WordPress plugin versions 0.2.13 and earlier

Description: Authenticated Stored Cross-Site Scripting (XSS) in the Default Publisher ID field on the plugin's settings page. A script payload saved in this field is stored and executes in the browser of any authenticated user who later opens the affected settings page.

Recommendations: For Mimetic Books WordPress plugin versions 0.2.13 and earlier, update to a version later than 0.2.13 to resolve the issue. As a temporary workaround, restrict access to the plugin's settings page to minimize the risk of exploitation, and avoid using the Default Publisher ID field until the issue is resolved.
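As an added illustration (not code from the Mimetic Books plugin), this is the usual shape of a stored XSS in a WordPress settings field beside the corrected version: sanitize on save, escape on output, gate the page behind a capability check. The option name, the `mbx_` function prefix and the assumed publisher-ID format are all hypothetical.

```php
<?php
// Added example, not the plugin's own code. Option name, function names and
// the "mbx_" prefix are assumptions made for this illustration.

// Unsafe pattern: the stored option is echoed straight into an attribute.
// A saved value that closes the quote and adds a script tag is executed by
// every administrator who opens the settings page.
function mbx_render_publisher_id_field_unsafe() {
    $value = get_option( 'mbx_default_publisher_id', '' );
    echo '<input type="text" name="mbx_default_publisher_id" value="' . $value . '">';
}

// Hardened pattern: register the option with a sanitize_callback so markup
// never reaches the database, and escape when rendering regardless.
function mbx_register_settings() {
    register_setting(
        'mbx_settings',              // option group
        'mbx_default_publisher_id',  // option name
        array(
            'type'              => 'string',
            'sanitize_callback' => 'mbx_sanitize_publisher_id',
            'default'           => '',
        )
    );
}
add_action( 'admin_init', 'mbx_register_settings' );

// Assumption for this example: a publisher ID is a short token of letters,
// digits, underscore or hyphen. Anything else is stripped on save.
function mbx_sanitize_publisher_id( $value ) {
    $value = sanitize_text_field( (string) $value );
    return preg_replace( '/[^A-Za-z0-9_-]/', '', $value );
}

function mbx_render_publisher_id_field() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    $value = get_option( 'mbx_default_publisher_id', '' );
    // esc_attr() is the output-side control. It still protects the page if a
    // value was stored before the sanitize_callback existed.
    printf(
        '<input type="text" name="%s" value="%s">',
        esc_attr( 'mbx_default_publisher_id' ),
        esc_attr( $value )
    );
}
```

The two controls are independent: the sanitize callback limits what can be stored, and `esc_attr()` guarantees that whatever is stored cannot break out of the attribute when rendered.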


Weakness Enumeration

Related Identifiers: CVE-2021-24548

Affected Products: Mimetic Books