CVE-2021-33852
Post Duplicator <= 2.23 - Cross-Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or the application root page after duplicating any of the existing posts.
Un ataque de tipo cross-site Scripting (XSS) puede hacer que se ejecute código arbitrario (JavaScript) en el navegador de un usuario y puede utilizar una aplicación como vehículo para el ataque. La carga útil XSS dada en el cuadro de texto "Duplicar título" se ejecuta cada vez que el usuario abre la página de configuración del plugin Post Duplicator o la página raíz de la aplicación después de duplicar cualquiera de las publicaciones existentes
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-06-04 CVE Reserved
- 2021-12-02 CVE Published
- 2023-09-30 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://cybersecurityworks.com/zerodays/cve-2021-33852-stored-cross-site-scripting-in-wordpress-post-duplicator-plugin-2-23.html | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Metaphorcreations Search vendor "Metaphorcreations" | Post Duplicator Search vendor "Metaphorcreations" for product "Post Duplicator" | 2.23 Search vendor "Metaphorcreations" for product "Post Duplicator" and version "2.23" | wordpress |
Affected
|