2 matches found
CVE-2021-24229
The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreonsaveattachmentpatreonlevel AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is...
CVE-2021-24229
Patreon WordPress plugin prior to 1.7.2 is affected by a Reflected Cross-Site Scripting vulnerability in the patreon_save_attachment_patreon_level AJAX action. The issue arises because one parameter used by this AJAX endpoint is not sanitized before being echoed back to the user, and the action i...