CVE-2021-24298 Information

Description

The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, leading to reflected XSS.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://codevigilant.com/disclosure/2021/wp-plugin-giveasap-xss/
https://wpscan.com/vulnerability/30aebded-3eb3-4dda-90b5-12de5e622c91

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

6.1

Base Severity

MEDIUM
