5 matches found
CVE-2021-24745
The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2021-24745
The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2021-24745
CVE-2021-24745 affects the WordPress plugin About Author Box (versions before 1.0.2). The root cause is failure to sanitize and escape values in the Social Profiles field before rendering in attributes, enabling a stored cross-site scripting (XSS) flaw. The issue permits a user with a low-privile...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in versions of Th...
WordPress About Author Box plugin <= 1.0.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Francesco Carlucci in WordPress About Author Box plugin versions = 1.0.1. Solution Update the WordPress About Author Box plugin to the latest available version at least 1.0.2...