8 matches found
CVE-2021-24607
The Storefront Footer Text WordPress plugin through 1.0.1 does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed...
CVE-2021-24607
The Storefront Footer Text WordPress plugin through 1.0.1 does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed...
Cross site scripting
The Storefront Footer Text WordPress plugin through 1.0.1 does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed...
CVE-2021-24607
The CVE concerns the WordPress Storefront Footer Text plugin (versions Customize) and payloads, indicating frontend and admin areas can be affected. Remediation/action: deactivate and delete the plugin, as PatchStack notes the plugin is closed for review since 2021-10-06. No explicit exploit sta...
CVE-2021-24607 Storefront Footer Text <= 1.0.1 - Admin+ Stored Cross-Site Scripting
The Storefront Footer Text WordPress plugin through 1.0.1 does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Storefront Footer Text plugin in version 1.0.1 an...
WordPress Storefront Footer Text plugin <= 1.0.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Storefront Footer Text plugin versions = 1.0.1. Solution Deactivate and delete. This plugin has been closed as of October 6, 2021 and is not available for download. This closure is temporary, pending a full...
Storefront Footer Text <= 1.0.1 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed. PoC The plugin requires the Storefront theme Go to Appearance Customize...