CVE-2021-24214
Last modified
CVE-2021-24214 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.. EPSS estimates a 1.63% chance of exploitation in the next 30 days.
Description
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Daggerhartlab | Openid Connect Generic Client | 3.8.0 |
| Daggerhartlab | Openid Connect Generic Client | 3.8.1 |
References
- https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10Exploit, Third Party Advisory
- https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-24214?
How severe is CVE-2021-24214?
How do I fix CVE-2021-24214?
Are you affected by CVE-2021-24214?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST