CVE-2021-25031 Information

Description

The Image Hover Effects Ultimate (Image Gallery Effects Lightbox Comparison or Magnifier) WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribute in an admin page leading to a Reflected Cross-Site Scripting

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://wpscan.com/vulnerability/1fbcf5ec-498e-4d40-8577-84b8c7ac3201 https://plugins.trac.wordpress.org/changeset/2648086

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1