CVE-2021-36873
Published 2021-09-23
CVE-2021-36873: Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter…
Priority: P4 · 29 · medium · 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 1.19% (64.1th percentile)
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webence | iq_block_country | <= 1.2.11 | — |
| webence | iq_block_country | 1.2.11 – 1.2.11 | — |
CVSS provenance
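| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |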
No detection rules found.
Nuclei
WordPress iQ Block Country <=1.2.11 - Cross-Site Scripting
nuclei·CVSS 5.4
CVE-2021-36873 [MEDIUM] WordPress iQ Block Country <=1.2.11 - Cross-Site Scripting
WordPress iQ Block Country =1.2.12) to mitigate this vulnerability.
```yaml
reference:
  - https://wpscan.com/vulnerability/ba93f085-2153-439b-9cda-7c5b09d3ed58
  - https://wordpress.org/plugins/iq-block-country/
  - https://patchstack.com/database/vulnerability/iq-block-country-/wordpress-iq-block-country-plugin-1-2-11-authenticated-persistent-cross-site-scripting-xss-vulnerability
  - https://nvd.nist.gov/vuln/detail/CVE-2021-36873
  - https://wordpress.org/plugins/iq-block-country/#developers
classification:
  cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  cvss-score: 5.4
  cve-id: CVE-2021-36873
  cwe-id: CWE-79
  epss-score: 0.03985
  epss-percentile: 0.88418
  cpe: cpe:2.3:a:webence:iq_block_country:*:*:*:*:*:wordpress:*:*
metadata:
  verified: true
  max-request: 4
  vendor: webence
  product: iq_block_count
```
No writeups or analysis indexed.
- https://patchstack.com/database/vulnerability/iq-block-country-/wordpress-iq-block-country-plugin-1-2-11-authenticated-persistent-cross-site-scripting-xss-vulnerability
- https://wordpress.org/plugins/iq-block-country/#developers