Vulnerability CVE-2021-24489: Information

Description

The Request a Quote WordPress plugin before 2.3.9 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.

Severity: MEDIUM (4.8) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-24489
Published: Oct. 25, 2021
Modified: Nov. 7, 2023
Error type identifier: CWE-79

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firmware-intel-ucodesisyphus16-alt1.2021060823-alt1.20231114ALT-PU-2021-1996-1274527Fixed
firmware-intel-ucodep1016-alt1.2021060823-alt1.20231114ALT-PU-2021-1996-1274527Fixed
firmware-intel-ucodep916-alt1.2021060823-alt1.20231114ALT-PU-2021-3199-1288217Fixed
firmware-intel-ucodec10f116-alt1.2021060823-alt1.20231114ALT-PU-2021-1996-1274527Fixed
firmware-intel-ucodec9f223-alt1.2023111423-alt1.20231114ALT-PU-2023-8026-3334548Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://wpscan.com/vulnerability/36e8efe8-b29f-4c9e-9dd5-3e317aa43e0c
  • Exploit
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:emarketdesign:request_a_quote:*:*:*:*:*:wordpress:*:*
      End excliding
      2.3.5
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.4.2
Back to top