WordPress Plugin Vulnerabilities

Use Your Drive < 1.18.3 - Reflected Cross-Site Scripting

Description

Insufficient Input Validation in the search functionality of the plugin allows attackers to perform a reflected Cross-Site Scripting attack.

Affects Plugins

Plugin icon
use-your-drive
Fixed in 1.18.3

References

CVE
CVE-2021-42546

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.7 (medium)

Miscellaneous

Original Researcher
Trainer Red
Verified
No
WPVDB ID
8aa6e45c-d0c9-488c-9cdc-7eb6ea8a7502

Timeline

Publicly Published
2021-12-13 (about 4 years ago)
Added
2021-12-13 (about 4 years ago)
Last Updated
2022-04-12 (about 3 years ago)

Other

Published
Title
Published
2022-10-17
Title
WP < 6.0.3 - Reflected XSS via SQLi in Media Library
Published
2025-03-31
Title
Checklist <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-03-05
Title
Greek Multi Tool < 2.3.2 - Unauthenticated Stored XSS
Published
2025-08-05
Title
Exclusive Addons for Elementor < 2.7.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown
Published
2025-01-21
Title
Stray Random Quotes <= 1.9.9 - Reflected XSS