CVE-2021-24541

The Wonder PDF Embed WordPress plugin before 1.7 does not escape parameters of its wonderpluginpdf shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks...

WordPress Wonder PDF Embed Plugin <= 2.7 is vulnerable to Cross Site Scripting (XSS)

Software Wonder PDF Embed Type Plugin Vulnerable versions = 2.7 Fixed in 2.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID 563e16943dd0 Credits Yudistira Arya Required privilege Author...

CVE-2021-24541

The CVE-2021-24541 entry concerns the WordPress Wonder PDF Embed plugin (before version 1.7). The vulnerability stems from the plugin not escaping parameters of the wonderplugin_pdf shortcode, enabling Stored XSS for users with a role as low as Contributor. Affected component/function: wonderplug...

CVE-2021-24541 Wonder PDF Embed < 1.7 - Contributor+ Stored XSS

The Wonder PDF Embed WordPress plugin before 1.7 does not escape parameters of its wonderpluginpdf shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugins is an open source application plugin for WordPress. A security vulnerability exists in the WordPress...

Wonder PDF Embed < 1.7 - Contributor+ Stored XSS

The plugin does not escape parameters of its wonderpluginpdf shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks. wonderpluginpdf src="a" onload="alert1"...