Home > Vulnerability Database > CVE-2021-24481

Mend.io Vulnerability Database

CVE-2021-24481

Date: August 2, 2021

The Any Hostname WordPress plugin through 1.0.6 does not sanitise or escape its "Allowed hosts" setting, leading to an authenticated stored XSS issue as high privilege users are able to set XSS payloads in it

Language: PHP

Severity Score

4.8

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-24481

Url: https://wpscan.com/vulnerability/a4c352de-9815-4dfe-ac51-65b5bfb37438

Url: https://www.mend.io/vulnerability-database/CVE-2021-24481

Severity Score

4.8

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	3.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-24481

Date: August 2, 2021

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?