2 matches found
CVE-2021-24124 WP Shieldon 1.6.3 - Unauthenticated Cross-Site Scripting (XSS)
Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, leads to Unauthenticated Reflected Cross-Site Scripting XSS when the CAPTCHA page is shown could lead to privileged escalation...
CVE-2021-24124
Affected software: WordPress WP Shieldon plugin (versions 1.6.3 and below). Vulnerability: Unauthenticated Reflected Cross‑Site Scripting caused by unvalidated input and lack of output encoding on the CAPTCHA page, due to $_SERVER['REQUEST_URI'] being echoed without encoding. Impact: could lead t...