3 matches found
CVE-2021-24445
The My Site Audit WordPress plugin through 1.2.4 does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in them, even when he unfilteredhtml capability is disallowed, leading to an authenticated Stored Cross-Site Scripting...
CVE-2021-24445
creationtimestamp| type| source ---|---|--- 2021-08-16 14:14:32+00:00| seen| https://t.me/cibsecurity/27353...
CVE-2021-24445
CVE-2021-24445 affects the WordPress My Site Audit plugin up to version 1.2.4. The vulnerability is an authenticated Stored Cross-Site Scripting (XSS) caused by failure to sanitize/escape the Audit Name field when creating audits, allowing a high-privilege user to inject JavaScript payloads even ...