Description
The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payloads to be used in them. Furthermore, no CSRF or capability checks were in place, allowing such an attack to be performed either via CSRF or as any user (including unauthenticated users).
Software
Not provided
Software type
Plugin
CVE
CVE-2021-24504
Tags
Not provided
Publication date
02/08/2021
Last updated
08/12/2024
CVSS 3.0 score
6.1
Medium