CVE-2021-24277

The RSS for Yandex Turbo WordPress plugin before 1.30 did not properly sanitise the user inputs from its  settings tab before outputting them back in the page, leading to authenticated stored Cross-Site Scripting issues
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
VendorProductVersion
wpuslugirss_for_yandex_turbo
𝑥
< 1.30
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://wpscan.com/vulnerability/8ebf56be-46c0-4435-819f-dc30370eafa4
https://wpscan.com/vulnerability/8ebf56be-46c0-4435-819f-dc30370eafa4