Search criteria
3 vulnerabilities found for post_views_counter by dfactory
FKIE_CVE-2021-24613
Vulnerability from fkie_nvd - Published: 2021-09-20 10:15 - Updated: 2024-11-21 05:53
Severity ?
Summary
The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed
References
| URL | Tags | ||
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dfactory | post_views_counter | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dfactory:post_views_counter:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "5458023F-FC8E-4650-8EC7-231D8D4F0E60",
"versionEndExcluding": "1.3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed"
},
{
"lang": "es",
"value": "El plugin Post Views Counter de WordPress versiones anteriores a 1.3.5, no sanea ni escapa de su configuraci\u00f3n de Post Views Label, que podr\u00eda permitir a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting en el frontend incluso cuando la capacidad unfiltered_html est\u00e1 deshabilitada"
}
],
"id": "CVE-2021-24613",
"lastModified": "2024-11-21T05:53:24.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-20T10:15:09.043",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
}
]
}
CVE-2021-24613 (GCVE-0-2021-24613)
Vulnerability from cvelistv5 – Published: 2021-09-20 10:06 – Updated: 2024-08-03 19:35
VLAI?
Title
Post Views Counter < 1.3.5 - Authenticated Stored XSS
Summary
The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Post Views Counter |
Affected:
1.3.5 , < 1.3.5
(custom)
|
Credits
Tung Duong Dinh
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Post Views Counter",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.3.5",
"status": "affected",
"version": "1.3.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tung Duong Dinh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-20T10:06:35",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Post Views Counter \u003c 1.3.5 - Authenticated Stored XSS",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24613",
"STATE": "PUBLIC",
"TITLE": "Post Views Counter \u003c 1.3.5 - Authenticated Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Post Views Counter",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.3.5",
"version_value": "1.3.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tung Duong Dinh"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24613",
"datePublished": "2021-09-20T10:06:35",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:20.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24613 (GCVE-0-2021-24613)
Vulnerability from nvd – Published: 2021-09-20 10:06 – Updated: 2024-08-03 19:35
VLAI?
Title
Post Views Counter < 1.3.5 - Authenticated Stored XSS
Summary
The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Post Views Counter |
Affected:
1.3.5 , < 1.3.5
(custom)
|
Credits
Tung Duong Dinh
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Post Views Counter",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.3.5",
"status": "affected",
"version": "1.3.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tung Duong Dinh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-20T10:06:35",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Post Views Counter \u003c 1.3.5 - Authenticated Stored XSS",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24613",
"STATE": "PUBLIC",
"TITLE": "Post Views Counter \u003c 1.3.5 - Authenticated Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Post Views Counter",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.3.5",
"version_value": "1.3.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tung Duong Dinh"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24613",
"datePublished": "2021-09-20T10:06:35",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:20.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}