CVE-2021-24228
Patreon WordPress < 1.7.2 - Reflected XSS on Login Form
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2. The WordPress login form (wp-login.php) is hooked by the plugin and offers to allow users to authenticate on the site using their Patreon account. Unfortunately, some of the error logging logic behind the scene allowed user-controlled input to be reflected on the login page, unsanitized.
El equipo de Jetpack Scan identificó una vulnerabilidad de tipo Cross-Site Scripting Reflejado en el Formulario de Inicio de Sesión en el plugin Patreon WordPress versiones anteriores a 1.7.2. El formulario de inicio de sesión de WordPress (wp-login.php) está conectado por el plugin y ofrece permitir a los usuarios autenticarse en el sitio utilizando su cuenta de Patreon. Desafortunadamente, parte de la lógica del registro de errores detrás de la escena permitió que la entrada controlada por el usuario sea reflejada en la página de inicio de sesión, sin sanear
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-14 CVE Reserved
- 2021-03-26 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-08-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://wpscan.com/vulnerability/7a5fadb1-3f1c-4779-8ff6-356fccb5269b | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin | 2024-08-03 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Patreon Search vendor "Patreon" | Patreon Wordpress Search vendor "Patreon" for product "Patreon Wordpress" | < 1.7.2 Search vendor "Patreon" for product "Patreon Wordpress" and version " < 1.7.2" | wordpress |
Affected
|