4 matches found
CVE-2021-24369
In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site...
CVE-2021-24369
creationtimestamp | type | source
---|---|---
2021-06-22 00:15:28+00:00 | seen | https://t.me/cibsecurity/25589
2021-06-22 02:47:50+00:00 | published-proof-of-concept | Telegram/nzqIkOQtF4bvsFZtLoo5Ug9AQTqGn983Xaonm100hPLZk...
CVE-2021-24369
CVE-2021-24369 affects the GetPaid WordPress plugin prior to 2.3.4. The issue arises because the Label and Help Text fields were not properly sanitized, allowing authenticated users with at least a Contributor role to create a Payment Form that can contain malicious content (e.g., img tags). This...
CVE-2021-24369 GetPaid < 2.3.4 - Authenticated Stored XSS
In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site...