CVE-2021-24605

The createpostpage AJAX action of the Custom Post View Generator WordPress plugin through 0.4.6 available to authenticated user does not sanitise or escape user input before outputting it back in the response, leading to a Reflected Cross-Site issue...

CVE-2021-24605

The CVE-2021-24605 entry concerns the WordPress plugin Custom Post View Generator (versions up to 0.4.6). The underlying issue is that the create_post_page AJAX action does not sanitize or escape user input before echoing it in the response, causing a Reflected Cross‑Site Scripting (XSS) vulnerab...

WordPress 插件跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Custom Post View Generator, which stems...

Custom Post View Generator <= 0.4.6 - Reflected Cross-Site Scripting

The createpostpage AJAX action of the plugin available to authenticated user does not sanitise or escape user input before outputting it back in the response, leading to a Reflected Cross-Site issue '...