4 matches found
CVE-2021-24734
The Compact WP Audio Player WordPress plugin before 1.9.7 does not escape some of its shortcodes attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
CVE-2021-24734
The Compact WP Audio Player WordPress plugin before 1.9.7 does not escape some of its shortcodes attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
CVE-2021-24734 Compact WP Audio Player < 1.9.7 - Contributor+ Stored Cross-Site Scripting
The Compact WP Audio Player WordPress plugin before 1.9.7 does not escape some of its shortcodes attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
CVE-2021-24734
The CVE-2021-24734 entry affects the WordPress Compact WP Audio Player plugin (versions prior to 1.9.7). The root cause is insufficient escaping of shortcodes attributes, enabling Stored XSS by users with as low as Contributor. Impact is client-side JavaScript execution in affected pages. Remedia...