CVE-2021-24316
MEDIUM NUCLEI
Mediumish WordPress Theme <= 1.0.47 - Cross-Site Scripting via Search Parameter
Title source: llm
Exploitation Summary
CVE-2021-24316 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise its 's' GET parameter before outputting it back in the page, leading to a Cross-Site Scripting issue.
Nuclei Templates (1)
WordPress Mediumish Theme <=1.0.47 - Cross-Site Scripting
MEDIUM by 0x_Akoko
References (3)
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e
Exploit, Third Party Advisory x_refsource_misc
https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt
Product, Vendor Advisory x_refsource_misc
https://www.wowthemes.net/themes/mediumish-wordpress/
Scores
CVSS v3
6.1
EPSS
0.0644
EPSS Percentile
92.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
wowthemes/mediumish
< 1.0.47
Published
Jun 01, 2021
Tracked Since
Feb 18, 2026