WordPress Icegram plugin <= 2.0.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

icegram

Software

Icegram

Vulnerable Versions

<= 2.0.2

Fixed in version

2.0.3

CVE

CVE-2021-36832

References

CVE-2021-36832
Plugin changelog

Credits

Asif Nawaz Minhas (Patchstack Red Team)

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Disclosure Date

2021-08-17

CVSS 3.0 score

4.8

Medium

Requires high privilege user authentication like admin.

Are your websites subject to this vulnerability?

Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Icegram plugin (versions <= 2.0.2). Vulnerable at "Headline" (&message_data[16][headline]) input.

Solution

Update the WordPress Icegram plugin to the latest available version (at least 2.0.3).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

Vulnerability Database

WordPress Icegram plugin <= 2.0.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

icegram

Software

Icegram

Vulnerable Versions

<= 2.0.2

Fixed in version

2.0.3

CVE

CVE-2021-36832

References

CVE-2021-36832
Plugin changelog

Credits

Asif Nawaz Minhas (Patchstack Red Team)

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Disclosure Date

2021-08-17

CVSS 3.0 score

4.8

Requires high privilege user authentication like admin.

Plugin does not exist, is not supported or discontinued.

Are your websites subject to this vulnerability?

Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Icegram plugin (versions <= 2.0.2). Vulnerable at "Headline" (&message_data[16][headline]) input.

Solution

Update the WordPress Icegram plugin to the latest available version (at least 2.0.3).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

Solutions

Patchstack

© 2022 Patchstack

© 2021 Patchstack

Vulnerability Database

WordPress Icegram plugin <= 2.0.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

icegram

Software

Icegram

Vulnerable Versions

<= 2.0.2

Fixed in version

2.0.3

CVE

CVE-2021-36832

References

CVE-2021-36832 Plugin changelog

Credits

Asif Nawaz Minhas (Patchstack Red Team)

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Disclosure Date

2021-08-17

CVSS 3.0 score

4.8

Requires high privilege user authentication like admin.

Plugin does not exist, is not supported or discontinued.

Are your websites subject to this vulnerability?

Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Icegram plugin (versions <= 2.0.2). Vulnerable at "Headline" (&message_data[16][headline]) input.

Solution

Update the WordPress Icegram plugin to the latest available version (at least 2.0.3).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

Solutions

Patchstack

© 2022 Patchstack

© 2021 Patchstack

CVE-2021-36832
Plugin changelog