CVE-2021-24305 Information
Jun 07, 2022
cve
Description
The Target First WordPress Plugin v2.0, previously known as Watcheezy, suffers from a critical unauthenticated stored XSS vulnerability. An attacker could change the licence key value through a POST on any URL with the ‘weeWzKey’ parameter, which is saved as the ‘weeID’ option and is not sanitized.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://www.targetfirst.com/
https://wpscan.com/vulnerability/4d55d1f5-a7b8-4029-942d-7a13e2498f64
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
6.1
Base Severity
MEDIUM