CVE-2021-24681
Duplicate Page <= 4.4.2 - Admin+ Stored Cross-Site Scripting
Vexday Risk Score
18 (Low)
SSVC Decision (CISA)
Attend
PoC available → monitor closely
CVSS — · EPSS 0.9% · KEV no · PoC — · Nuclei yes · Metasploit — · Patch —
Lifecycle
11 Oct 2021: Published in NVD
Recommendation: Schedule a fix soon; a public PoC already exists.
The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or escape the Duplicate Post Suffix settings before outputting it, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Affected products
Unknown · Duplicate Page