3 matches found
CVE-2021-24322
The Database Backup for WordPress plugin before 2.4 did not escape the backuprecipient POST parameter in before output it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue...
CVE-2021-24322
The CVE-2021-24322 entry concerns the WordPress Database Backup plugin prior to version 2.4. The vulnerability is a Stored XSS caused by not escaping the backup_recipient POST parameter before echoing it into an HTML attribute, enabling an attacker to inject malicious payloads. Affected product: ...
CVE-2021-24322 Database Backup for WordPress < 2.4 - Authenticated Persistent Cross-Site Scripting (XSS)
The Database Backup for WordPress plugin before 2.4 did not escape the backuprecipient POST parameter in before output it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue...