Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by wp_mapa_politico_espana_project
CVE-2021-24609 (GCVE-0-2021-24609)
Vulnerability from cvelistv5 – Published: 2021-09-20 10:06 – Updated: 2024-08-03 19:35
VLAI
Title
WP Mapa Politico Espana < 3.7.0- Authenticated Stored XSS
Summary
The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/8b639743-3eb5-4f… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WP Mapa Politico España |
Affected:
3.7.0 , < 3.7.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/8b639743-3eb5-4f74-a156-76cb657bbe05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Mapa Politico Espa\u00f1a",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.7.0",
"status": "affected",
"version": "3.7.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "xiahao@webray.com.cn inc"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-20T10:06:34.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/8b639743-3eb5-4f74-a156-76cb657bbe05"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WP Mapa Politico Espana \u003c 3.7.0- Authenticated Stored XSS",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24609",
"STATE": "PUBLIC",
"TITLE": "WP Mapa Politico Espana \u003c 3.7.0- Authenticated Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Mapa Politico Espa\u00f1a",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.7.0",
"version_value": "3.7.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "xiahao@webray.com.cn inc"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/8b639743-3eb5-4f74-a156-76cb657bbe05",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/8b639743-3eb5-4f74-a156-76cb657bbe05"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24609",
"datePublished": "2021-09-20T10:06:34.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:35:20.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24609 (GCVE-0-2021-24609)
Vulnerability from nvd – Published: 2021-09-20 10:06 – Updated: 2024-08-03 19:35
VLAI
Title
WP Mapa Politico Espana < 3.7.0- Authenticated Stored XSS
Summary
The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/8b639743-3eb5-4f… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WP Mapa Politico España |
Affected:
3.7.0 , < 3.7.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/8b639743-3eb5-4f74-a156-76cb657bbe05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Mapa Politico Espa\u00f1a",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.7.0",
"status": "affected",
"version": "3.7.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "xiahao@webray.com.cn inc"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-20T10:06:34.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/8b639743-3eb5-4f74-a156-76cb657bbe05"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WP Mapa Politico Espana \u003c 3.7.0- Authenticated Stored XSS",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24609",
"STATE": "PUBLIC",
"TITLE": "WP Mapa Politico Espana \u003c 3.7.0- Authenticated Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Mapa Politico Espa\u00f1a",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.7.0",
"version_value": "3.7.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "xiahao@webray.com.cn inc"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/8b639743-3eb5-4f74-a156-76cb657bbe05",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/8b639743-3eb5-4f74-a156-76cb657bbe05"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24609",
"datePublished": "2021-09-20T10:06:34.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:35:20.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}