5 matches found
CVE-2021-24897
The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field available only with classic editor when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2021-24897
The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field available only with classic editor when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2021-24897
The CVE-2021-24897 entry concerns the WordPress Add Subtitle plugin (
CVE-2021-24897 Add Subtitle <= 1.1.0 - Contributor+ Stored Cross-Site Scripting
The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field available only with classic editor when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
WordPress plugin Add Subtitle跨站脚本漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Add Subtitle has a cross-site scripting vulnerability that stems from failure to clean up or esca...