Lucene search

K
cvelistWPScanCVELIST:CVE-2021-24196
HistoryApr 05, 2021 - 6:27 p.m.

CVE-2021-24196 Social Slider Widget < 1.8.5 - Authenticated Reflected Cross-Site Scripting (XSS)

2021-04-0518:27:45
CWE-79
WPScan
www.cve.org

0.001 Low

EPSS

Percentile

21.8%

The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being sanitized

CNA Affected

[
  {
    "product": "Social Slider Widget",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.8.5",
        "status": "affected",
        "version": "1.8.5",
        "versionType": "custom"
      }
    ]
  }
]

0.001 Low

EPSS

Percentile

21.8%

Related for CVELIST:CVE-2021-24196