Search criteria

3 vulnerabilities found for Mediumish by WowThemes

FKIE_CVE-2021-24316

Vulnerability from fkie_nvd - Published: 2021-06-01 14:15 - Updated: 2024-11-21 05:52
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it's 's' GET parameter before output it back the page, leading to the Cross-SIte Scripting issue.
References
contact@wpscan.comhttps://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txtExploit, Third Party Advisory
contact@wpscan.comhttps://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2eExploit, Third Party Advisory
contact@wpscan.comhttps://www.wowthemes.net/themes/mediumish-wordpress/Product, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txtExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2eExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.wowthemes.net/themes/mediumish-wordpress/Product, Vendor Advisory
Impacted products
Vendor Product Version
wowthemes mediumish *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wowthemes:mediumish:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "099C6570-C9B4-4059-8992-1CAF44C9EDB6",
              "versionEndIncluding": "1.0.47",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it\u0027s \u0027s\u0027 GET parameter before output it back the page, leading to the Cross-SIte Scripting issue."
    },
    {
      "lang": "es",
      "value": "La funcionalidad search del tema Mediumish de WordPress versiones hasta 1.0.47, no sanea apropiadamente el par\u00e1metro \"s\" GET antes de devolverlo a la p\u00e1gina, conllevando a un problema de tipo Cross-SIte Scripting"
    }
  ],
  "id": "CVE-2021-24316",
  "lastModified": "2024-11-21T05:52:49.780",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-01T14:15:08.953",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt"
    },
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e"
    },
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Product",
        "Vendor Advisory"
      ],
      "url": "https://www.wowthemes.net/themes/mediumish-wordpress/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Vendor Advisory"
      ],
      "url": "https://www.wowthemes.net/themes/mediumish-wordpress/"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "contact@wpscan.com",
      "type": "Secondary"
    }
  ]
}

CVE-2021-24316 (GCVE-0-2021-24316)

Vulnerability from cvelistv5 – Published: 2021-06-01 11:33 – Updated: 2024-08-03 19:28
VLAI?
Title
Mediumish <= 1.0.47 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Summary
The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it's 's' GET parameter before output it back the page, leading to the Cross-SIte Scripting issue.
Severity ?
No CVSS data available.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
Vendor Product Version
WowThemes Mediumish Affected: 1.0.47 , ≤ 1.0.47 (custom)
Create a notification for this product.
Credits
m0ze
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:28:23.425Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.wowthemes.net/themes/mediumish-wordpress/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mediumish",
          "vendor": "WowThemes",
          "versions": [
            {
              "lessThanOrEqual": "1.0.47",
              "status": "affected",
              "version": "1.0.47",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "m0ze"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it\u0027s \u0027s\u0027 GET parameter before output it back the page, leading to the Cross-SIte Scripting issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-01T11:33:30",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.wowthemes.net/themes/mediumish-wordpress/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Mediumish \u003c= 1.0.47 - Unauthenticated Reflected Cross-Site Scripting (XSS)",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24316",
          "STATE": "PUBLIC",
          "TITLE": "Mediumish \u003c= 1.0.47 - Unauthenticated Reflected Cross-Site Scripting (XSS)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mediumish",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.0.47",
                            "version_value": "1.0.47"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "WowThemes"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "m0ze"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it\u0027s \u0027s\u0027 GET parameter before output it back the page, leading to the Cross-SIte Scripting issue."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e"
            },
            {
              "name": "https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt",
              "refsource": "MISC",
              "url": "https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt"
            },
            {
              "name": "https://www.wowthemes.net/themes/mediumish-wordpress/",
              "refsource": "MISC",
              "url": "https://www.wowthemes.net/themes/mediumish-wordpress/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24316",
    "datePublished": "2021-06-01T11:33:30",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:28:23.425Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24316 (GCVE-0-2021-24316)

Vulnerability from nvd – Published: 2021-06-01 11:33 – Updated: 2024-08-03 19:28
VLAI?
Title
Mediumish <= 1.0.47 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Summary
The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it's 's' GET parameter before output it back the page, leading to the Cross-SIte Scripting issue.
Severity ?
No CVSS data available.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
Vendor Product Version
WowThemes Mediumish Affected: 1.0.47 , ≤ 1.0.47 (custom)
Create a notification for this product.
Credits
m0ze
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:28:23.425Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.wowthemes.net/themes/mediumish-wordpress/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mediumish",
          "vendor": "WowThemes",
          "versions": [
            {
              "lessThanOrEqual": "1.0.47",
              "status": "affected",
              "version": "1.0.47",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "m0ze"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it\u0027s \u0027s\u0027 GET parameter before output it back the page, leading to the Cross-SIte Scripting issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-01T11:33:30",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.wowthemes.net/themes/mediumish-wordpress/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Mediumish \u003c= 1.0.47 - Unauthenticated Reflected Cross-Site Scripting (XSS)",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24316",
          "STATE": "PUBLIC",
          "TITLE": "Mediumish \u003c= 1.0.47 - Unauthenticated Reflected Cross-Site Scripting (XSS)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mediumish",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.0.47",
                            "version_value": "1.0.47"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "WowThemes"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "m0ze"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it\u0027s \u0027s\u0027 GET parameter before output it back the page, leading to the Cross-SIte Scripting issue."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e"
            },
            {
              "name": "https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt",
              "refsource": "MISC",
              "url": "https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt"
            },
            {
              "name": "https://www.wowthemes.net/themes/mediumish-wordpress/",
              "refsource": "MISC",
              "url": "https://www.wowthemes.net/themes/mediumish-wordpress/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24316",
    "datePublished": "2021-06-01T11:33:30",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:28:23.425Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}