WordPress Plugin Vulnerabilities

Share One Drive < 1.15.3 - Reflected Cross-Site Scripting

Description

Insufficient Input Validation in the search functionality of the plugin allows attackers to perform a reflected Cross-Site Scripting attack

Affects Plugins

Plugin icon
share-one-drive
Fixed in 1.15.3

References

CVE
CVE-2021-42548

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.7 (medium)

Miscellaneous

Original Researcher
Trainer Red
Verified
No
WPVDB ID
08ccb3e8-e9a9-41f2-b3bc-03b8b8f74140

Timeline

Publicly Published
2021-12-13 (about 4 years ago)
Added
2021-12-13 (about 4 years ago)
Last Updated
2022-04-11 (about 4 years ago)

Other

Published
Title
Published
2024-09-30
Title
BuddyForms < 2.8.13 - Authenticated (Editor+) Stored Cross-Site Scripting
Published
2025-01-06
Title
RightMessage WP <= 0.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-05-02
Title
kStats Reloaded <= 0.7.4 - Reflected Cross-Site Scripting
Published
2025-09-05
Title
Translate This gTranslate Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2021-12-06
Title
WooCommerce PDF Invoices & Packing Slips < 2.10.5 - Reflected Cross-Site Scripting