CVE-2021-4252

A vulnerability, which was classified as problematic, has been found in WP-Ban. This issue affects the function toggle_checkbox of the file ban-options.php. The manipulation of the argument $_SERVER["HTTP_USER_AGENT"] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 13e0b1e922f3aaa3f8fcb1dd6d50200dd693fd76. It is recommended to apply a patch to fix this issue. The identifier VDB-216209 was assigned to this vulnerability.

CVSS v3.0 6.1 MEDIUM

6.1^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://vuldb.com/?id.216209	Third Party Advisory
https://github.com/lesterchan/wp-ban/commit/13e0b1e922f3aaa3f8fcb1dd6d50200dd693fd76	Patch Third Party Advisory
https://github.com/lesterchan/wp-ban/pull/11	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wp-ban_project:wp-ban:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-12-18 14:15

Updated : 2022-12-22 11:26

NVD link : CVE-2021-4252

Mitre link : CVE-2021-4252

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-707

Improper Neutralization

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Products Affected

wp-ban_project

wp-ban

6.1 /10