Pular para o conteúdo
Ver todas as ameaças

CVE-2021-24504

Alvo: Não informado

Descrição

The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either via CSRF or as any user (including unauthenticated)

Software
Não informado
Tipo Software
Plugin
CVE
CVE-2021-24504
Tags
Nâo informado
Data de publicação
02/08/2021
Última atualização
08/11/2023
Pontuação em CVSS 3.0
6.1
Médio
plugins premium WordPress