WordPress Plugin Vulnerabilities

Awesome Support < 6.0.7 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape the id and assignee parameter before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue

Affects Plugins

Plugin icon
awesome-support
Fixed in 6.0.7

References

CVE
CVE-2021-36919

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Verified
No
WPVDB ID
dc0ed4de-d2c4-44ad-ae09-1161a5d87fbe

Timeline

Publicly Published
2021-11-25 (about 2 years ago)
Added
2021-11-27 (about 2 years ago)
Last Updated
2022-04-10 (about 2 years ago)

Other

Published
Title
Published
2024-02-05
Title
Woocommerce Vietnam Checkout < 2.0.8 - Authenticated (Shop manager+) Stored Cross-Site Scripting
Published
2023-07-12
Title
Art Direction <= 0.2.4 - Contributor+ Stored XSS
Published
2016-01-06
Title
WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)
Published
2023-02-15
Title
WP Open Social <= 5.0 - Admin+ Stored XSS
Published
2023-01-04
Title
My YouTube Channel < 3.23.0 - Admin+ Stored XSS