Lucene search
GoogleOSV:CVE-2021-39340HistoryNov 01, 2021 - 9:15 p.m.
CVE-2021-39340
2021-11-0121:15:07
Google
osv.dev
2
The Notification WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/classes/Utils/Settings.php file which made it possible for attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 7.2.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
| CPE | Name | Operator | Version |
|---|---|---|---|
| notification | eq | 6.1.4 | |
| notification | eq | 7.2.3 | |
| notification | eq | 6.1.1 | |
| notification | eq | 6.3.2 | |
| notification | eq | 6.0.1 | |
| notification | eq | 5.2.4 | |
| notification | eq | 6.3.1 | |
| notification | eq | 1.1.2 | |
| notification | eq | 6.0.4 | |
| notification | eq | 2.2 |
Related
nvd
nvd
CVE-2021-39340
2021-11-01 21:15:07
prion
prion
Cross site scripting
2021-11-01 21:15:00
wpvulndb
wpvulndb
Notification < 8.0.0 - Admin+ Stored Cross-Site Scripting
2021-10-25 00:00:00
patchstack
patchstack
cvelist
cvelist
cve
cve
CVE-2021-39340
2021-11-01 21:15:07