4 matches found
CVE-2021-24424
The WP Reset – Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extradata parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue...
WordPress WP Reset plugin < 1.90 XSS Vulnerability
The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2021-24424
The WP Reset – Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extradata parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue...
CVE-2021-24424
The CVE describes an authenticated Stored XSS in the WP Reset plugin for WordPress (versions before 1.90). The root cause is failure to sanitize/escape the extra_data parameter when creating a snapshot via the admin dashboard, enabling injected HTML/JS payloads. The vulnerability affects WP Reset