3 matches found
CVE-2021-24528
creationtimestamp| type| source ---|---|--- 2021-08-30 18:32:21+00:00| seen| https://t.me/cibsecurity/28003...
CVE-2021-24528 FluentSMTP < 2.0.1 - Authenticated Stored XSS
The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored cross site scripting XSS vulnerability. Only...
CVE-2021-24528
The CVE-2021-24528 entry concerns FluentSMTP for WordPress (versions before 2.0.1). The vulnerability is an authenticated stored XSS: the plugin fails to sanitize inputs when storing settings and fails to escape values when displaying SMTP settings, enabling stored XSS for users who can manage pl...