CVE-2021-36901
published 2022-06-15CVE-2021-36901: Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker's Age Gate plugin <= 2.17.0 at WordPress.
PriorityP180medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.74%
50.1th percentile
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker's Age Gate plugin <= 2.17.0 at WordPress.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asylumdigital | age_gate | <= 2.17.0 | — |
| phil_baker | age_gate | <= 2.17.0 | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv5.5MEDIUM
vulncheck6.1MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
linux-raspi-5.4 vulnerabilities
osv·2024-09-02·CVSS 5.5
CVE-2024-24860 linux-raspi-5.4 vulnerabilities
linux-raspi-5.4 vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SuperH RISC architecture;
- MMC subsystem;
- Network drivers;
- SCSI drivers;
- GFS2 file system;
- IPv4 networking;
- IPv6 networking;
- HD-audio driver;
(CVE-2024-26830, CVE-2024-39484, CVE-2024-36901, CVE-2024-26929,
CVE-2024-26921, CVE-2021-46926, CVE-2023-52629, CVE-2023-52760)
OSV
linux-aws-5.4 vulnerabilities
osv·2024-08-26·CVSS 5.5
CVE-2024-24860 linux-aws-5.4 vulnerabilities
linux-aws-5.4 vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SuperH RISC architecture;
- MMC subsystem;
- Network drivers;
- SCSI drivers;
- GFS2 file system;
- IPv4 networking;
- IPv6 networking;
- HD-audio driver;
(CVE-2024-26830, CVE-2024-39484, CVE-2024-36901, CVE-2024-26929,
CVE-2024-26921, CVE-2021-46926, CVE-2023-52629, CVE-2023-52760)
OSV
linux-azure-5.4 vulnerabilities
osv·2024-08-23·CVSS 5.5
CVE-2024-24860 linux-azure-5.4 vulnerabilities
linux-azure-5.4 vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SuperH RISC architecture;
- MMC subsystem;
- Network drivers;
- SCSI drivers;
- GFS2 file system;
- IPv4 networking;
- IPv6 networking;
- HD-audio driver;
(CVE-2024-26830, CVE-2024-39484, CVE-2024-36901, CVE-2024-26929,
CVE-2024-26921, CVE-2021-46926, CVE-2023-52629, CVE-2023-52760)
GHSA
GHSA-wpjw-qvg4-9cv9: Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker's Age Gate plugin <= 2
ghsa_unreviewed·2022-06-16
CVE-2021-36901 [MEDIUM] CWE-79 GHSA-wpjw-qvg4-9cv9: Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker's Age Gate plugin <= 2
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker's Age Gate plugin <= 2.17.0 at WordPress.
VulnCheck
asylumdigital age_gate Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2021·CVSS 6.1
CVE-2021-36901 [MEDIUM] asylumdigital age_gate Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
asylumdigital age_gate Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker's Age Gate plugin <= 2.17.0 at WordPress.
Affected: asylumdigital age_gate
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://wordpress.org/support/topic/age-gate-hacked-on-multiple-sites-multiple-servers/; https://wpscan.com/vulnerability/1795452a-171b-4624-b0eb-083b26a0bebb/
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://patchstack.com/database/vulnerability/age-gate/wordpress-age-gate-plugin-2-17-0-unauthenticated-stored-cross-site-scripting-xss-vulnerabilityhttps://wordpress.org/plugins/age-gate/#developershttps://patchstack.com/database/vulnerability/age-gate/wordpress-age-gate-plugin-2-17-0-unauthenticated-stored-cross-site-scripting-xss-vulnerabilityhttps://wordpress.org/plugins/age-gate/#developers
2022-06-15
Published
Exploited in the wild