{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T04:24:08.010","vulnerabilities":[{"cve":{"id":"CVE-2021-33851","sourceIdentifier":"disclose@cybersecurityworks.com","published":"2022-03-10T17:42:36.047","lastModified":"2024-11-21T06:09:41.847","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the \"Custom logo link\" executes whenever the user opens the Settings Page of the \"Customize Login Image\" Plugin."},{"lang":"es","value":"Un ataque de tipo cross-Site Scripting (XSS) puede hacer que se ejecute código arbitrario (JavaScript) en el navegador de un usuario y puede utilizar una aplicación como vehículo para el ataque. La carga útil XSS dada en el \"enlace del logotipo personalizado\" se ejecuta siempre que el usuario abre la página de configuración del plugin \"Personalizar imagen de inicio de sesión\""}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"disclose@cybersecurityworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apasionados:customize_login_image:3.4:*:*:*:*:wordpress:*:*","matchCriteriaId":"D87707A8-F4BB-4F6C-AA71-82EB4A1CB6FF"}]}]}],"references":[{"url":"https://cybersecurityworks.com/zerodays/cve-2021-33851-stored-cross-site-scripting-in-wordpress-customize-login-image.html","source":"disclose@cybersecurityworks.com","tags":["Exploit","Mitigation","Third Party Advisory"]},{"url":"https://cybersecurityworks.com/zerodays/cve-2021-33851-stored-cross-site-scripting-in-wordpress-customize-login-image.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mitigation","Third Party Advisory"]}]}}]}