CVE-2021-24593

The Business Hours Indicator WordPress plugin before 2.3.5 does not sanitise or escape its 'Now closed message" setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue...

CVE-2021-24593 Business Hours Indicator < 2.3.5 - Authenticated Stored XSS

The Business Hours Indicator WordPress plugin before 2.3.5 does not sanitise or escape its 'Now closed message" setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue...

CVE-2021-24593

CVE-2021-24593 affects the WordPress plugin Business Hours Indicator prior to version 2.3.5. The vulnerability is an Authenticated Stored Cross-Site Scripting (XSS) caused by the plugin not sanitising or escaping the 'Now closed message' setting in both backend and frontend outputs. Impact is sto...

WordPress 插件跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Business Hours Indicator prior t...

Business Hours Indicator < 2.3.5 - Authenticated Stored XSS

The plugin does not sanitise or escape its 'Now closed message" setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue Put the following payload in the "Now closed message" setting and save them: alert/XSS/ Then refresh the setting...

WordPress Business Hours Indicator plugin <= 2.3.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Business Hours Indicator plugin versions = 2.3.4. Solution Update the WordPress Business Hours Indicator plugin to the latest available version at least 2.3.5...