3 matches found
CVE-2021-24372
The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $SERVER'REQUESTURI' before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue...
CVE-2021-24372
The CVE concerns the WordPress plugin WP Hardening – Fix Your WordPress Security (pre-1.2.2). The vulnerability is a reflected XSS caused by not sanitising/escaping $_SERVER['REQUEST_URI'] before output in an HTML attribute. Affected versions are those before 1.2.2; exploitation would involve sub...
CVE-2021-24372 WP Hardening < 1.2.2 - Reflected XSS via URI
The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $SERVER'REQUESTURI' before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue...