The Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.4.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
History

Fri, 14 Feb 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2021-10-15T12:15:15.115Z

Updated: 2025-02-14T18:10:57.252Z

Reserved: 2021-08-20T00:00:00.000Z

Link: CVE-2021-39332

cve-icon Vulnrichment

Updated: 2024-08-04T02:06:41.542Z

cve-icon NVD

Status : Modified

Published: 2021-10-15T13:15:07.600

Modified: 2024-11-21T06:19:15.317

Link: CVE-2021-39332

cve-icon Redhat

No data.