Lucene search

4 matches found

RedhatCVE
added 2025/05/22 7:21 p.m., 9 views

CVE-2021-24369

In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site...

CVSS 5.4, AI score 6, EPSS 0.00624
Exploits: 2, References: 1
Circl
added 2021/06/22 12:15 a.m., 7 views

CVE-2021-24369

creationtimestamp | type | source
---|---|---
2021-06-22 00:15:28+00:00 | seen | https://t.me/cibsecurity/25589
2021-06-22 02:47:50+00:00 | published-proof-of-concept | Telegram/nzqIkOQtF4bvsFZtLoo5Ug9AQTqGn983Xaonm100hPLZk...

CVSS 5.4, AI score 5.5, EPSS 0.00624
Exploits: 2, References: 1
CVE
added 2021/06/21 7:18 p.m., 71 views

CVE-2021-24369

CVE-2021-24369 affects the GetPaid WordPress plugin prior to 2.3.4. The issue arises because the Label and Help Text fields were not properly sanitized, allowing authenticated users with at least a Contributor role to create a Payment Form that can contain malicious content (e.g., img tags). This...

CVSS 5.4, AI score 5.3, EPSS 0.00624
Exploits: 2, References: 1, Affected Software: 1
Cvelist
added 2021/06/21 7:18 p.m., 15 views

CVE-2021-24369 GetPaid < 2.3.4 - Authenticated Stored XSS

In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site...

AI score 5.6, EPSS 0.00624
Exploits: 2, References: 1