CVE-2021-24247

Target: Not reported

Description

The settings of the Contact Form Check Tester WordPress plugin through 1.0.2 are visible to all registered users in the dashboard and lack any sanitisation. As a result, any registered user, such as a subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them and could allow for privilege escalation. The vendor decided to close the plugin.

Software: Not reported
Software type: Plugin
CVE: CVE-2021-24247
Tags: Not reported
Publication date: 06/05/2021
Last updated: 11/03/2022
CVSS 3.0 score: 5.4 (Medium)