CVE-2021-24365
N/A
N/A
Summary
The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of "Custom Field" columns.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AdminColumns | Admin Columns | 4.3.2 < 4.3.2 | affected |
| AdminColumns | Admin Columns Pro | 5.5.2 < 5.5.2 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/fdbeb137-b404-46c7-85fb-394a3bdac388
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-032.txt
References
- https://wpscan.com/vulnerability/fdbeb137-b404-46c7-85fb-394a3bdac388
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-032.txt
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.