{"vulnerability": "CVE-2021-24443", "sightings": [{"uuid": "f5f11ed6-d695-4032-be2c-eabccd8d9871", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24443", "type": "seen", "source": "https://t.me/arpsyndicate/2704", "content": "#ExploitObserverAlert\n\nCVE-2021-24443\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-24443. The About Me widget of the Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, which will be executed when viewing the affected user profile. This could allow a low privilege user to gain unauthorised access to the admin side of the blog by targeting an admin, inducing them to view their profile with a malicious payload adding a rogue account for example.\n\nFIRST-EPSS: 0.000580000\nNVD-IS: 2.7\nNVD-ES: 2.3", "creation_timestamp": "2024-01-09T03:08:05.000000Z"}]}