CVE-2021-24440

Severity: 4.8 MEDIUM
EPSS: 0.2% (top 59.67%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 12; Latest update May 24

Description

The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or escape some of its fields when creating a new sheet, allowing high-privilege users to add JavaScript in them, leading to a Stored Cross-Site Scripting issue. The payloads will be triggered when viewing the 'All Sheets' page in the admin dashboard.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5 | unknown/sign-up_sheets | 1.0.14 | 1.0.14

Vulnerability Details (2)

GHSA (2022-05-24): GHSA-q7cx-mv5x-6h53: The Sign-up Sheets WordPress plugin before 1
CVEList (2021-07-12): Sign-up Sheets < 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS)