Vulnerabilities > CVE-2021-24440 - Unspecified vulnerability in Fetchdesigns Sign-Up Sheets

CVSS 4.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

fetchdesigns

NVD

Published: 2021-07-12

Updated: 2024-11-21

Summary

The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored Cross-Site Scripting issue. The payloads will be triggered when viewing the 'All Sheets' page in the admin dashboard

Vulnerable Configurations

Part	Description	Count
Application	Fetchdesigns Fetchdesigns Sign UP Sheets - Fetchdesigns Sign UP Sheets 1.0 Fetchdesigns Sign UP Sheets 1.0.1 Fetchdesigns Sign UP Sheets 1.0.2 Fetchdesigns Sign UP Sheets 1.0.3 Fetchdesigns Sign UP Sheets 1.0.4 Fetchdesigns Sign UP Sheets 1.0.5 Fetchdesigns Sign UP Sheets 1.0.6 Fetchdesigns Sign UP Sheets 1.0.7 Fetchdesigns Sign UP Sheets 1.0.8 Fetchdesigns Sign UP Sheets 1.0.9 Fetchdesigns Sign UP Sheets 1.0.10 Fetchdesigns Sign UP Sheets 1.0.11 Fetchdesigns Sign UP Sheets 1.0.12 Fetchdesigns Sign UP Sheets 1.0.13	15

Summary

Vulnerable Configurations

References