CVE-2021-24789

The Flat Preloader WordPress plugin before 1.5.5 does not escape some of its settings when outputting them in attribute in the frontend, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Flat Preloader Plugin in versions prior to 1.5.5 has a cross-site scripting vulnerability that stems from...