CVE-2021-33851
Last modified
CVE-2021-33851 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin.. EPSS estimates a 1.32% chance of exploitation in the next 30 days.
Description
A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apasionados | Customize Login Image | 3.4 |
References
- https://cybersecurityworks.com/zerodays/cve-2021-33851-stored-cross-site-scripting-in-wordpress-customize-login-image.htmlExploit, Mitigation, Third Party Advisory
- https://cybersecurityworks.com/zerodays/cve-2021-33851-stored-cross-site-scripting-in-wordpress-customize-login-image.htmlExploit, Mitigation, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-33851?
How severe is CVE-2021-33851?
How do I fix CVE-2021-33851?
Are you affected by CVE-2021-33851?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST