{"containers": {"cna": {"affected": [{"product": "Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme \u2013 myStickymenu", "vendor": "Unknown", "versions": [{"lessThan": "2.5.2", "status": "affected", "version": "2.5.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "m0ze"}], "descriptions": [{"lang": "en", "value": "The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme \u2013 myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing hight privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue, which will be triggered in the plugin's setting, as well as all front-page of the blog (when the Welcome bar is active)"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-02T10:31:54", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/14632fa8-597e-49ff-8583-9797208a3583"}, {"tags": ["x_refsource_MISC"], "url": "https://m0ze.ru/vulnerability/%5B2021-05-21%5D-%5BWordPress%5D-%5BCWE-79%5D-MyStickymenu-WordPress-Plugin-v2.5.1.txt"}], "source": {"discovery": "UNKNOWN"}, "title": "myStickymenu < 2.5.2 - Authenticated Stored XSS", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24425", "STATE": "PUBLIC", "TITLE": "myStickymenu < 2.5.2 - Authenticated Stored XSS"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme \u2013 myStickymenu", "version": {"version_data": [{"version_affected": "<", "version_name": "2.5.2", "version_value": "2.5.2"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "m0ze"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme \u2013 myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing hight privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue, which will be triggered in the plugin's setting, as well as all front-page of the blog (when the Welcome bar is active)"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/14632fa8-597e-49ff-8583-9797208a3583", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/14632fa8-597e-49ff-8583-9797208a3583"}, {"name": "https://m0ze.ru/vulnerability/[2021-05-21]-[WordPress]-[CWE-79]-MyStickymenu-WordPress-Plugin-v2.5.1.txt", "refsource": "MISC", "url": "https://m0ze.ru/vulnerability/[2021-05-21]-[WordPress]-[CWE-79]-MyStickymenu-WordPress-Plugin-v2.5.1.txt"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:28:23.900Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/14632fa8-597e-49ff-8583-9797208a3583"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://m0ze.ru/vulnerability/%5B2021-05-21%5D-%5BWordPress%5D-%5BCWE-79%5D-MyStickymenu-WordPress-Plugin-v2.5.1.txt"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24425", "datePublished": "2021-08-02T10:31:54", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:28:23.900Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:premio:mystickymenu:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A1E3B4BD-64BE-4CA3-A214-613784F456FC", "versionEndExcluding": "2.5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme \u2013 myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing hight privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue, which will be triggered in the plugin's setting, as well as all front-page of the blog (when the Welcome bar is active)"}, {"lang": "es", "value": "Los plugins Floating Notification Bar, Sticky Menu on Scroll, y Sticky Header for Any Theme \u00e2\u20ac\u201c myStickymenu de WordPress versiones anteriores a 2.5.2, no sanea o escapa de la configuraci\u00f3n de su Barra de Texto, permitiendo a usuarios con altos privilegios usar JavaScript malicioso en ella, conllevando a un problema de tipo Cross-Site Scripting Almacenado, que ser\u00e1 desencadenado en la configuraci\u00f3n del plugin, as\u00ed como en toda la p\u00e1gina principal del blog (cuando la Barra de Bienvenida est\u00e1 activa)"}], "id": "CVE-2021-24425", "lastModified": "2024-11-21T05:53:02.737", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-02T11:15:08.750", "references": [{"source": "contact@wpscan.com", "url": "https://m0ze.ru/vulnerability/%5B2021-05-21%5D-%5BWordPress%5D-%5BCWE-79%5D-MyStickymenu-WordPress-Plugin-v2.5.1.txt"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/14632fa8-597e-49ff-8583-9797208a3583"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://m0ze.ru/vulnerability/%5B2021-05-21%5D-%5BWordPress%5D-%5BCWE-79%5D-MyStickymenu-WordPress-Plugin-v2.5.1.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/14632fa8-597e-49ff-8583-9797208a3583"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "contact@wpscan.com", "type": "Secondary"}]}

{}

{}