CVE-2021-42546 MEDIUM

CVE-2021-42546: Reflected XSS in search functionality of WP Cloud Plugins - Use-Your-Drive

Vendor Wp Cloud Plugins

Product Use-Your-Drive

Weakness CWE-79 · XSS

Published December 13, 2021

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

4.7/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

Insufficient Input Validation in the search functionality of Wordpress plugin Use-Your-Drive prior to 1.18.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.

Key dates

02Disclosure timeline

December 13, 2021 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-42546 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-3891 Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags CVE-2024-45087 IBM WebSphere Application Server cross-site scripting CVE-2022-1457 Store XSS in title parameter executing at EditUser Page & EditProducto page in neorazorx/facturascripts CVE-2023-6217 MOVEit Transfer XSS via MOVEit Gateway CVE-2024-30530 WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.1 - Cross Site Scripting (XSS) vulnerability

Identifiers

CVE CVE-2021-42546

CWE CWE-79

CVSS 4.7 / MEDIUM

Affected versions

Vendor Wp Cloud Plugins

Product Use-Your-Drive

Affected ≥ unspecified and < 1.18.3