Vulnerabilities > CVE-2021-24245 - Unspecified vulnerability in Trumani Stop Spammers
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue.
Vulnerable Configurations
References
- http://packetstormsecurity.com/files/162623/WordPress-Stop-Spammers-2021.8-Cross-Site-Scripting.html
- http://packetstormsecurity.com/files/162623/WordPress-Stop-Spammers-2021.8-Cross-Site-Scripting.html
- https://wpscan.com/vulnerability/5e7accd6-08dc-4c6e-9d19-73e2d7e97735
- https://wpscan.com/vulnerability/5e7accd6-08dc-4c6e-9d19-73e2d7e97735