{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-24444", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "dateUpdated": "2024-08-03T19:28:23.965Z", "dateReserved": "2021-01-14T00:00:00", "datePublished": "2021-08-02T00:00:00"}, "containers": {"cna": {"title": "TaxoPress < 3.0.7.2 - Authenticated Stored Cross-Site Scripting (XSS)", "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2022-10-06T00:00:00"}, "descriptions": [{"lang": "en", "value": "The TaxoPress \u2013 Create and Manage Taxonomies, Tags, Categories WordPress plugin before 3.0.7.2 does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payload in them even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue."}], "affected": [{"vendor": "Unknown", "product": "TaxoPress \u2013 Create and Manage Taxonomies, Tags, Categories", "versions": [{"version": "3.0.7.2", "status": "affected", "lessThan": "3.0.7.2", "versionType": "custom"}]}], "references": [{"url": "https://wpscan.com/vulnerability/a31321fe-adc6-4480-a220-35aedca52b8b"}, {"url": "http://packetstormsecurity.com/files/164604/WordPress-TaxoPress-3.0.7.1-Cross-Site-Scripting.html"}], "credits": [{"lang": "en", "value": "Akash Rajendra Patil"}], "problemTypes": [{"descriptions": [{"type": "CWE", "description": "CWE-79 Cross-site Scripting (XSS)", "cweId": "CWE-79", "lang": "en"}]}], "x_generator": "WPScan CVE Generator", "source": {"discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:28:23.965Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/a31321fe-adc6-4480-a220-35aedca52b8b", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/164604/WordPress-TaxoPress-3.0.7.1-Cross-Site-Scripting.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:taxopress:taxopress:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "497C32FE-EE50-435D-A60E-0C7EC9D5B7A9", "versionEndExcluding": "3.0.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The TaxoPress \u2013 Create and Manage Taxonomies, Tags, Categories WordPress plugin before 3.0.7.2 does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payload in them even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue."}, {"lang": "es", "value": "El plugin de WordPress TaxoPress - Create and Manage Taxonomies, Tags, Categories antes de la versi\u00f3n 3.0.7.2 no sanea su campo de descripci\u00f3n de la taxonom\u00eda, lo que permite a los usuarios con privilegios elevados establecer la carga \u00fatil de JavaScript en ellos incluso cuando la capacidad unfiltered_html no est\u00e1 permitida, lo que conduce a un problema de Cross-Site Scripting almacenado autenticado"}], "id": "CVE-2021-24444", "lastModified": "2022-11-16T16:40:03.787", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-02T11:15:09.027", "references": [{"source": "contact@wpscan.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/164604/WordPress-TaxoPress-3.0.7.1-Cross-Site-Scripting.html"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/a31321fe-adc6-4480-a220-35aedca52b8b"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "contact@wpscan.com", "type": "Primary"}]}

{}