PT-2021-16120 · WordPress · Custom Post View Generator

Neppah · Published 2021-09-13 · Updated 2021-09-23

CVE-2021-24605

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Custom Post View Generator WordPress plugin, versions 0.4.6 and earlier.

Description: The issue concerns the create post page AJAX action, which does not properly sanitise or escape user input. This leads to a Reflected Cross-Site Scripting (XSS) issue, where user input is output back in the response without proper validation, potentially allowing malicious actions. The issue is accessible to authenticated users.

Recommendations: For Custom Post View Generator WordPress plugin versions 0.4.6 and earlier, update to a version that addresses this issue, as the current version does not properly handle user input sanitisation.
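To make the recommendation concrete, the following is an added illustration (not the plugin's own code) of an authenticated WordPress AJAX handler in the vulnerable shape the advisory describes, beside a hardened version that checks a nonce, checks capabilities, sanitises input and escapes output. The hook names, the `title` parameter, the nonce action and the `edit_posts` capability are assumptions.

```php
<?php
// Added illustration, not code from the Custom Post View Generator plugin.
// Hook names, parameter names and the capability used are assumptions.

// VULNERABLE SHAPE: the submitted value is written straight into the
// response, so whatever a logged-in user is tricked into submitting is
// reflected back unescaped.
add_action( 'wp_ajax_example_create_post_unsafe', function () {
    $title = isset( $_POST['title'] ) ? $_POST['title'] : '';
    echo '<p>Created post: ' . $title . '</p>'; // reflected XSS sink
    wp_die();
} );

// HARDENED: nonce check, capability check, sanitise on input, escape on output.
add_action( 'wp_ajax_example_create_post', function () {
    // A missing or invalid nonce ends the request; this stops a cross-site
    // page from driving the action with the victim's authenticated session.
    check_ajax_referer( 'example_create_post', 'nonce' );

    // Only users who may create posts should reach this action at all.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // Sanitise the raw input (strip tags, control characters, slashes)...
    $title = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );

    // ...and escape for the HTML context the value lands in before sending.
    wp_send_json_success( array(
        'message' => esc_html( 'Created post: ' . $title ),
    ) );
} );
```

The client side must send the nonce produced by `wp_create_nonce( 'example_create_post' )` in the `nonce` field for the hardened handler to accept the request.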


Weakness Enumeration

Related Identifiers: CVE-2021-24605

Affected Products: Custom Post View Generator