3 matches found
CVE-2021-24448
The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.8 does not sanitise or escape its 'Modify default Redirect Delay timer' setting, allowing high privilege users to use JavaScript code in it, even when the unfilteredhtml capability is disallowed, leading to an...
CVE-2021-24448 Profile Builder < 3.4.8 - Authenticated Stored XSS
The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.8 does not sanitise or escape its 'Modify default Redirect Delay timer' setting, allowing high privilege users to use JavaScript code in it, even when the unfilteredhtml capability is disallowed, leading to an...
CVE-2021-24448
CVE-2021-24448 affects the WordPress plugin Profile Builder (User Registration & User Profile) prerelease 3.4.8, where the setting Modify default Redirect Delay timer is not sanitized/escaped. This enables an authenticated, high-privilege user to inject JavaScript into that field, resulting in a ...