← Volver a CVEs
CVE-2021-24365
MEDIUM5.4
Descripcion
The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of "Custom Field" columns.
Detalles CVE
Puntuacion CVSS v3.15.4
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado7/12/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
admincolumns:admin_columns
Debilidades (CWE)
CWE-79
Referencias
https://wpscan.com/vulnerability/fdbeb137-b404-46c7-85fb-394a3bdac388(contact@wpscan.com)
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-032.txt(contact@wpscan.com)
https://wpscan.com/vulnerability/fdbeb137-b404-46c7-85fb-394a3bdac388(af854a3a-2127-422b-91ae-364da2661108)
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-032.txt(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.