Descrição
The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as a subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizy_update_item AJAX action and adding JavaScript to the data parameter, which would be executed in the session of any visitor viewing or previewing the post or page.
Software
Não informado
Tipo Software
Plugin
CVE
CVE-2021-38344
Tags
Nâo informado
Data de publicação
14/10/2021
Última atualização
08/12/2024
Pontuação em CVSS 3.0
6.4
Médio