4 matches found
CVE-2021-24129
Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting XSS vulnerabilities allowing low-privileged users Contributor+ to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Pan...
CVE-2021-24129
creationtimestamp| type| source ---|---|--- 2021-03-18 17:32:19+00:00| seen| https://t.me/cibsecurity/25101...
CVE-2021-24129
The CVE-2021-24129 entry concerns the WordPress Themify Portfolio Post plugin. Affected: versions before 1.1.6. Root cause: unvalidated input and lack of output encoding in the plugin, enabling Stored Cross-Site Scripting (XSS). Impact: low-privilege users (Contributor+) can inject JavaScript/HTM...
CVE-2021-24129 Themify Portfolio Post < 1.1.6 - Authenticated Stored Cross-Site Scripting
Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting XSS vulnerabilities allowing low-privileged users Contributor+ to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Pan...