Home > Vulnerability Database > CVE-2021-24681

Mend.io Vulnerability Database

CVE-2021-24681

Date: October 11, 2021

The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or escape the Duplicate Post Suffix settings before outputting it, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Language: PHP

Severity Score

4.8

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-24681

Url: https://wpscan.com/vulnerability/9ebdd1df-1d6f-4399-8b0f-77a79f841464

Url: https://www.mend.io/vulnerability-database/CVE-2021-24681

Severity Score

4.8

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	3.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-24681

Date: October 11, 2021

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?