6.1
CVE-2021-24435
- EPSS 13.25%
- Published 06.09.2021 11:15:08
- Last modified 21.11.2024 05:53:04
- Source contact@wpscan.com
Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting
The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues.
Possible mitigation
4k-icon-fonts-for-visual-composer: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Ad Blocker Notify Lite: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
affiliate-pro: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
AMP extensions: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Aoi Tori: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Awesome Support – WordPress HelpDesk & Support Plugin: Update to version 6.0.11, or a newer patched version
betteroptin: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Border Loading Bar: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Catchers Helpdesk and Ticket system for Support: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Bootstrap Categories Gallery: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Woocommerce Categories in gallery format: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
WordPress Form Customizer | CF7 Customizer: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
ClinicalWP Core: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Facebook Page Feed Timeline: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Custom Scrollbar Designer: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Custom Text Selection Colors: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Disable Image Right Click: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Easy Gallery Slideshow: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Easy Google Map: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Easy Justified Gallery: Update to version 1.1.1, or a newer patched version
Share Posts To Email: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Exit Popup Show: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Flight Search Widget and Blocks: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Icons with Links Widget: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
ICustomizer: Update to version 1.5.0, or a newer patched version
Live Chat for Fanpage: Update to version 3.1.1, or a newer patched version
Media Mirror: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
WP Mobile Menu – The Mobile-Friendly Responsive Menu: Update to version 2.8.2.3, or a newer patched version
Popup Modal For Youtube: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Project2App – Turn Your WordPress Site into an Android App: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Seatgeek Affiliate Tickets: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
SEO-Dashboard by gutewebsites.de: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Share Woocommerce to Email: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Simple Behance Portfolio: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Stars Menu: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Station Pro – Advanced Audio Streaming & Player for WordPress: Update to version 2.2.2, or a newer patched version
Sticky Related Posts: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
tcS3: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Events Shortcodes For The Events Calendar: Update to version 1.7.2, or a newer patched version
Titan Framework: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Total Sales For Woocommerce: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
TR Easy Google Analytics: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Venture Event Manager: Update to version 3.2.5, or a newer patched version
W3SCloud Contact Form 7 to Zoho CRM: Update to version 2.1.0, or a newer patched version
WebHotelier for WordPress: Update to version 1.6.1, or a newer patched version
Product Limited Time Availability Date for woocommerce: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Request Quote via Whatsapp for Woocommerce: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Woosaleskit Bar: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Кнопка ЮMoney: Update to version 2.4.0, or a newer patched version
Further vulnerability information

| System | Product | Version |
|---|---|---|
| WordPress Plugin | 4k-icon-fonts-for-visual-composer | * |
| WordPress Plugin | Ad Blocker Notify Lite | * |
| WordPress Plugin | affiliate-pro | * |
| WordPress Plugin | AMP extensions | * |
| WordPress Plugin | Aoi Tori | * |
| WordPress Plugin | Awesome Support – WordPress HelpDesk & Support Plugin | *-6.0.10 |
| WordPress Plugin | betteroptin | * |
| WordPress Plugin | Border Loading Bar | * |
| WordPress Plugin | Catchers Helpdesk and Ticket system for Support | * |
| WordPress Plugin | Bootstrap Categories Gallery | * |
| WordPress Plugin | Woocommerce Categories in gallery format | * |
| WordPress Plugin | WordPress Form Customizer \| CF7 Customizer | * |
| WordPress Plugin | ClinicalWP Core | * |
| WordPress Plugin | Facebook Page Feed Timeline | * |
| WordPress Plugin | Custom Scrollbar Designer | * |
| WordPress Plugin | Custom Text Selection Colors | * |
| WordPress Plugin | Disable Image Right Click | * |
| WordPress Plugin | Easy Gallery Slideshow | * |
| WordPress Plugin | Easy Google Map | * |
| WordPress Plugin | Easy Justified Gallery | *-1.1 |
| WordPress Plugin | Share Posts To Email | * |
| WordPress Plugin | Exit Popup Show | * |
| WordPress Plugin | Flight Search Widget and Blocks | * |
| WordPress Plugin | Icons with Links Widget | * |
| WordPress Plugin | ICustomizer | *-1.4.13 |
| WordPress Plugin | Live Chat for Fanpage | *-3.1.0 |
| WordPress Plugin | Media Mirror | * |
| WordPress Plugin | WP Mobile Menu – The Mobile-Friendly Responsive Menu | *-2.8.2.2 |
| WordPress Plugin | Popup Modal For Youtube | * |
| WordPress Plugin | Project2App – Turn Your WordPress Site into an Android App | * |
| WordPress Plugin | Seatgeek Affiliate Tickets | * |
| WordPress Plugin | SEO-Dashboard by gutewebsites.de | * |
| WordPress Plugin | Share Woocommerce to Email | * |
| WordPress Plugin | Simple Behance Portfolio | * |
| WordPress Plugin | Stars Menu | * |
| WordPress Plugin | Station Pro – Advanced Audio Streaming & Player for WordPress | 2.2.1 |
| WordPress Plugin | Sticky Related Posts | * |
| WordPress Plugin | tcS3 | * |
| WordPress Plugin | Events Shortcodes For The Events Calendar | [*, 1.7.2) |
| WordPress Plugin | Titan Framework | * |
| WordPress Plugin | Total Sales For Woocommerce | * |
| WordPress Plugin | TR Easy Google Analytics | * |
| WordPress Plugin | Venture Event Manager | [*, 3.2.5) |
| WordPress Plugin | W3SCloud Contact Form 7 to Zoho CRM | [*, 2.1.0) |
| WordPress Plugin | WebHotelier for WordPress | [*, 1.6.1) |
| WordPress Plugin | Product Limited Time Availability Date for woocommerce | * |
| WordPress Plugin | Request Quote via Whatsapp for Woocommerce | * |
| WordPress Plugin | Woosaleskit Bar | * |
| WordPress Plugin | Кнопка ЮMoney | [*, 2.4.0) |

Data provided by the National Vulnerability Database (NVD)
Gambit ≫ Titan Framework, SwPlatform: wordpress, Version <= 1.12.1
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 13.25% | 0.939 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:P/A:N |

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.