Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

1 vulnerability by itservicejung

CVE-2021-24596 (GCVE-0-2021-24596)

Vulnerability from cvelistv5 – Published: 2021-09-20 10:06 – Updated: 2024-08-03 19:35

Title

youForms for WordPress <= 1.0.5 - Authenticated Stored Cross-Site Scripting

Summary

The youForms for WordPress plugin through 1.0.5 does not sanitise escape the Button Text field of its Templates, allowing high privilege users (editors and admins) to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Severity

No CVSS data available.

CWE

CWE-79 - Cross-site Scripting (XSS)

Assigner

WPScan

References

1 reference

URL	Tags
https://wpscan.com/vulnerability/b5def0e7-2b4a-43…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Unknown	youForms for WordPress – Creating Forms for CopeCart	Affected: 1.0.5 , ≤ 1.0.5 (custom)

Credits

xiahao@webray.com.cn inc

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:35:20.237Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/b5def0e7-2b4a-43e0-8175-28b28aa2f8ae"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "youForms for WordPress \u2013 Creating Forms for CopeCart",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThanOrEqual": "1.0.5",
              "status": "affected",
              "version": "1.0.5",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "xiahao@webray.com.cn inc"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The youForms for WordPress plugin through 1.0.5 does not sanitise escape the Button Text field of its Templates, allowing high privilege users (editors and admins) to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-20T10:06:26.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/b5def0e7-2b4a-43e0-8175-28b28aa2f8ae"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "youForms for WordPress \u003c= 1.0.5 - Authenticated Stored Cross-Site Scripting",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24596",
          "STATE": "PUBLIC",
          "TITLE": "youForms for WordPress \u003c= 1.0.5 - Authenticated Stored Cross-Site Scripting"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "youForms for WordPress \u2013 Creating Forms for CopeCart",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.0.5",
                            "version_value": "1.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "xiahao@webray.com.cn inc"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The youForms for WordPress plugin through 1.0.5 does not sanitise escape the Button Text field of its Templates, allowing high privilege users (editors and admins) to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/b5def0e7-2b4a-43e0-8175-28b28aa2f8ae",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/b5def0e7-2b4a-43e0-8175-28b28aa2f8ae"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24596",
    "datePublished": "2021-09-20T10:06:26.000Z",
    "dateReserved": "2021-01-14T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:35:20.237Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}