Lucene search
PRIOn knowledge basePRION:CVE-2021-24654HistoryOct 04, 2021 - 12:15 p.m.
Cross site scripting
2021-10-0412:15:00
PRIOn knowledge base
www.prio-n.com
1
0.001 Low
EPSS
Percentile
25.0%
The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed
| CPE | Name | Operator | Version |
|---|---|---|---|
| user_registration | lt | 2.0.2 |
Related
nvd
nvd
CVE-2021-24654
2021-10-04 12:15:08
wpexploit
wpexploit
User Registration < 2.0.2 - Low Privilege Stored Cross-Site Scripting
2021-09-06 00:00:00
wpvulndb
wpvulndb
User Registration < 2.0.2 - Low Privilege Stored Cross-Site Scripting
2021-09-06 00:00:00
cve
cve
CVE-2021-24654
2021-10-04 12:15:08
patchstack
patchstack
cvelist
cvelist