2 matches found
CVE-2021-24283
The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue...
CVE-2021-24283
CVE-2021-24283 – WordPress Accordion plugin : The vulnerability affects WordPress Accordion plugin versions up to 2.2.29. The issue is an authenticated reflected XSS in the settings page, caused by the tab GET parameter not being sanitised or escaped when output into an HTML attribute. Exploitati...