CVE-2021-24481 Information

Description

The Any Hostname WordPress plugin through 1.0.6 does not sanitise or escape its "Allowed hosts" setting, leading to an authenticated stored XSS issue, as high privilege users are able to set XSS payloads in it.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Reference

https://wpscan.com/vulnerability/a4c352de-9815-4dfe-ac51-65b5bfb37438

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

4.8

Base Severity

MEDIUM
