3 matches found
CVE-2021-24294
The dsgvoaiowritelog AJAX action of the DSGVO All in one for WP WordPress plugin before 4.0 did not sanitise or escape some POST parameter submitted before outputting them in the Log page in the administrator dashboard wp-admin/admin.php?page=dsgvoaiofree-show-log. This could allow unauthenticate...
CVE-2021-24294 DSGVO All in one for WP < 4.0 - Unauthenticated Stored Cross-Site Scripting (XSS)
The dsgvoaiowritelog AJAX action of the DSGVO All in one for WP WordPress plugin before 4.0 did not sanitise or escape some POST parameter submitted before outputting them in the Log page in the administrator dashboard wp-admin/admin.php?page=dsgvoaiofree-show-log. This could allow unauthenticate...
CVE-2021-24294
CVE-2021-24294 affects the DSGVO All in one for WP plugin for WordPress (before version 4.0). The vulnerability arises in the dsgvoaio_write_log AJAX action, which fails to sanitize/escape certain POST parameters before displaying them on the admin log page (wp-admin/admin.php?page=dsgvoaiofree-s...