Vulnerabilities > CVE-2021-24481 - Unspecified vulnerability in ANY Hostname Project ANY Hostname 1.0.6

CVSS 4.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

any-hostname-project

NVD

Published: 2021-08-02

Updated: 2024-11-21

Summary

The Any Hostname WordPress plugin through 1.0.6 does not sanitise or escape its "Allowed hosts" setting, leading to an authenticated stored XSS issue as high privilege users are able to set XSS payloads in it

Vulnerable Configurations

Part	Description	Count
Application	Any_Hostname_Project ANY Hostname Project ANY Hostname - ANY Hostname Project ANY Hostname 1.0.6	2

References

https://wpscan.com/vulnerability/a4c352de-9815-4dfe-ac51-65b5bfb37438
https://wpscan.com/vulnerability/a4c352de-9815-4dfe-ac51-65b5bfb37438