2 vulnerabilities found for Admin Columns Pro by AdminColumns
CVE-2021-24365 (GCVE-0-2021-24365)
Vulnerability from cvelistv5 – Published: 2021-07-12 19:20 – Updated: 2024-08-03 19:28
Title
Admin Columns Free (< 4.3.2) & Pro (< 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field
Summary
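The Admin Columns WordPress plugin (Free before 4.3.2 and Pro before 5.5.2) allowed users to configure individual columns for tables. Each column had a type, and the "Custom Field" type allowed an arbitrary database column to be chosen for display in the table. No escaping was applied to the contents of "Custom Field" columns, so markup stored in such a field was written into the table as-is; this is the authenticated stored cross-site scripting issue named in the title (CWE-79). Versions 4.3.2 (Free) and 5.5.2 (Pro) and later are outside the affected range.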
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/fdbeb137-b404-46c7-85fb-394a3bdac388 | x_refsource_CONFIRM |
| https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-032.txt | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| AdminColumns | Admin Columns | Affected: < 4.3.2 (custom; record fields: version 4.3.2, lessThan 4.3.2) |
| AdminColumns | Admin Columns Pro | Affected: < 5.5.2 (custom; record fields: version 5.5.2, lessThan 5.5.2) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/fdbeb137-b404-46c7-85fb-394a3bdac388"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-032.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Admin Columns",
"vendor": "AdminColumns",
"versions": [
{
"lessThan": "4.3.2",
"status": "affected",
"version": "4.3.2",
"versionType": "custom"
}
]
},
{
"product": "Admin Columns Pro",
"vendor": "AdminColumns",
"versions": [
{
"lessThan": "5.5.2",
"status": "affected",
"version": "5.5.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Johannes Lauinger"
},
{
"lang": "en",
"value": "SySS GmbH"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type \"Custom Field\" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of \"Custom Field\" columns."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-12T19:20:49.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/fdbeb137-b404-46c7-85fb-394a3bdac388"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-032.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Admin Columns Free (\u003c 4.3.2) \u0026 Pro (\u003c 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24365",
"STATE": "PUBLIC",
"TITLE": "Admin Columns Free (\u003c 4.3.2) \u0026 Pro (\u003c 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Admin Columns",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.3.2",
"version_value": "4.3.2"
}
]
}
},
{
"product_name": "Admin Columns Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.5.2",
"version_value": "5.5.2"
}
]
}
}
]
},
"vendor_name": "AdminColumns"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Johannes Lauinger"
},
{
"lang": "eng",
"value": "SySS GmbH"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type \"Custom Field\" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of \"Custom Field\" columns."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/fdbeb137-b404-46c7-85fb-394a3bdac388",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/fdbeb137-b404-46c7-85fb-394a3bdac388"
},
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-032.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-032.txt"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24365",
"datePublished": "2021-07-12T19:20:49.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24365 (GCVE-0-2021-24365)
Vulnerability from nvd – Published: 2021-07-12 19:20 – Updated: 2024-08-03 19:28
Title
Admin Columns Free (< 4.3.2) & Pro (< 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field
Summary
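The Admin Columns WordPress plugin (Free before 4.3.2 and Pro before 5.5.2) allowed users to configure individual columns for tables. Each column had a type, and the "Custom Field" type allowed an arbitrary database column to be chosen for display in the table. No escaping was applied to the contents of "Custom Field" columns, so markup stored in such a field was written into the table as-is; this is the authenticated stored cross-site scripting issue named in the title (CWE-79). Versions 4.3.2 (Free) and 5.5.2 (Pro) and later are outside the affected range.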
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/fdbeb137-b404-46c7-85fb-394a3bdac388 | x_refsource_CONFIRM |
| https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-032.txt | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| AdminColumns | Admin Columns | Affected: < 4.3.2 (custom; record fields: version 4.3.2, lessThan 4.3.2) |
| AdminColumns | Admin Columns Pro | Affected: < 5.5.2 (custom; record fields: version 5.5.2, lessThan 5.5.2) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/fdbeb137-b404-46c7-85fb-394a3bdac388"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-032.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Admin Columns",
"vendor": "AdminColumns",
"versions": [
{
"lessThan": "4.3.2",
"status": "affected",
"version": "4.3.2",
"versionType": "custom"
}
]
},
{
"product": "Admin Columns Pro",
"vendor": "AdminColumns",
"versions": [
{
"lessThan": "5.5.2",
"status": "affected",
"version": "5.5.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Johannes Lauinger"
},
{
"lang": "en",
"value": "SySS GmbH"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type \"Custom Field\" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of \"Custom Field\" columns."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-12T19:20:49.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/fdbeb137-b404-46c7-85fb-394a3bdac388"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-032.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Admin Columns Free (\u003c 4.3.2) \u0026 Pro (\u003c 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24365",
"STATE": "PUBLIC",
"TITLE": "Admin Columns Free (\u003c 4.3.2) \u0026 Pro (\u003c 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Admin Columns",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.3.2",
"version_value": "4.3.2"
}
]
}
},
{
"product_name": "Admin Columns Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.5.2",
"version_value": "5.5.2"
}
]
}
}
]
},
"vendor_name": "AdminColumns"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Johannes Lauinger"
},
{
"lang": "eng",
"value": "SySS GmbH"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type \"Custom Field\" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of \"Custom Field\" columns."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/fdbeb137-b404-46c7-85fb-394a3bdac388",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/fdbeb137-b404-46c7-85fb-394a3bdac388"
},
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-032.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-032.txt"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24365",
"datePublished": "2021-07-12T19:20:49.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}