CVE-2021-24722 Restaurant Menu by MotoPress < 2.4.2 - Admin+ Stored Cross Site Scripting

2021-11-0108:46:12

CWE-79

WPScan

www.cve.org

cve-2021-24722

restaurant menu

motopress

wordpress plugin

stored cross site scripting

cross-site scripting

unfiltered_html capability

EPSS

0.001

Percentile

24.8%

JSON

The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

CNA Affected

[
  {
    "product": "Restaurant Menu by MotoPress",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.4.2",
        "status": "affected",
        "version": "2.4.2",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/14b29450-2450-4b5f-8630-bb2cbfbd0a83

EPSS

0.001

Percentile

24.8%

JSON

Related for CVELIST:CVE-2021-24722