Search criteria
2 vulnerabilities found for Post Views Counter by Unknown
CVE-2021-24613 (GCVE-0-2021-24613)
Vulnerability from cvelistv5 – Published: 2021-09-20 10:06 – Updated: 2024-08-03 19:35
VLAI?
Title
Post Views Counter < 1.3.5 - Authenticated Stored XSS
Summary
The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Post Views Counter |
Affected:
1.3.5 , < 1.3.5
(custom)
|
Credits
Tung Duong Dinh
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Post Views Counter",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.3.5",
"status": "affected",
"version": "1.3.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tung Duong Dinh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-20T10:06:35",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Post Views Counter \u003c 1.3.5 - Authenticated Stored XSS",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24613",
"STATE": "PUBLIC",
"TITLE": "Post Views Counter \u003c 1.3.5 - Authenticated Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Post Views Counter",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.3.5",
"version_value": "1.3.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tung Duong Dinh"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24613",
"datePublished": "2021-09-20T10:06:35",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:20.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24613 (GCVE-0-2021-24613)
Vulnerability from nvd – Published: 2021-09-20 10:06 – Updated: 2024-08-03 19:35
VLAI?
Title
Post Views Counter < 1.3.5 - Authenticated Stored XSS
Summary
The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Post Views Counter |
Affected:
1.3.5 , < 1.3.5
(custom)
|
Credits
Tung Duong Dinh
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Post Views Counter",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.3.5",
"status": "affected",
"version": "1.3.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tung Duong Dinh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-20T10:06:35",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Post Views Counter \u003c 1.3.5 - Authenticated Stored XSS",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24613",
"STATE": "PUBLIC",
"TITLE": "Post Views Counter \u003c 1.3.5 - Authenticated Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Post Views Counter",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.3.5",
"version_value": "1.3.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tung Duong Dinh"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24613",
"datePublished": "2021-09-20T10:06:35",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:20.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}