CVE-2021-24322

The Database Backup for WordPress plugin before 2.4 did not escape the backup_recipient POST parameter in before output it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:deliciousbrains:database_backup:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 05:52

Type Values Removed Values Added
References () https://m0ze.ru/vulnerability/%5B2021-04-04%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-DB-Backup-WordPress-Plugin-v2.3.3.txt - Exploit, Third Party Advisory () https://m0ze.ru/vulnerability/%5B2021-04-04%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-DB-Backup-WordPress-Plugin-v2.3.3.txt - Exploit, Third Party Advisory
References () https://wpscan.com/vulnerability/6bea6301-0762-45c3-a4eb-15d6ac4f9f37 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/6bea6301-0762-45c3-a4eb-15d6ac4f9f37 - Exploit, Third Party Advisory

Information

Published : 2021-06-01 14:15

Updated : 2024-11-21 05:52


NVD link : CVE-2021-24322

Mitre link : CVE-2021-24322

CVE.ORG link : CVE-2021-24322


JSON object : View

Products Affected

deliciousbrains

  • database_backup
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')