Lucene search
WPScanCVELIST:CVE-2021-24556HistoryAug 23, 2021 - 11:10 a.m.
CVE-2021-24556 Email Subscriber <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
2021-08-2311:10:10
CWE-79
WPScan
www.cve.org
0.001 Low
EPSS
Percentile
31.9%
The kento_email_subscriber_ajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the submitted subscribe_email and subscribe_name POST parameters, inserting them in the DB and then outputting them back in the Subscriber list (/wp-admin/edit.php?post_type=kes_campaign&page=kento_email_subscriber_list_settings), leading a Stored XSS issue.
CNA Affected
[
{
"product": "Email Subscriber",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.1",
"status": "affected",
"version": "1.1",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2021-24556
2021-08-23 12:15:09
patchstack
patchstack
nvd
nvd
CVE-2021-24556
2021-08-23 12:15:09
wpvulndb
wpvulndb
Email Subscriber <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
2021-07-24 00:00:00
prion
prion
Cross site scripting
2021-08-23 12:15:00
wpexploit
wpexploit
Email Subscriber <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
2021-07-24 00:00:00