WordPress Plugin Vulnerabilities

Mimetic Books <= 0.2.13 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The plugin was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) in the "Default Publisher ID" field on the plugin's settings page.

Proof of Concept

Affects Plugins

Plugin icon
mimetic-books
No known fix

References

CVE
CVE-2021-24548
Exploitdb
50139

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
Vikas Srivastava
Submitter website
https://www.linkedin.com/in/007vikaxh
Submitter twitter
007vikaxh
Verified
Yes
WPVDB ID
10660c95-d366-4152-9ce8-b57c57a2ec6c

Timeline

Publicly Published
2021-07-19 (about 4 years ago)
Added
2021-07-19 (about 4 years ago)
Last Updated
2023-01-23 (about 2 years ago)

Other

Published
Title
Published
2024-06-07
Title
Tooltip CK <= 2.2.15 - Authenticated (Admin+) Stored Cross-Site Scripting
Published
2025-03-03
Title
Master Addons < 2.0.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
Published
2025-06-23
Title
Flexo Counter <= 1.0001 - Reflected Cross-Site Scripting
Published
2024-09-30
Title
YellowPencil Visual CSS Style Editor < 7.6.5 - Reflected Cross-Site Scripting
Published
2024-01-15
Title
CformsII < 15.0.7 - Unauthenticated Stored XSS