3 matches found
CVE-2021-24468
The Leaflet Map WordPress plugin before 3.0.0 does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributors to exploit stored XSS issues...
CVE-2021-24468
CVE-2021-24468 affects the WordPress Leaflet Map plugin up to version 3.0.0, where shortcode attributes are not escaped before use in JavaScript/HTML, enabling stored XSS by users with as low as Contributor. Impact is stored XSS; remediation is to update to v3.0.0 or newer (per provided records).
CVE-2021-24468 Leaflet Map < 3.0.0 - Contributor+ Stored XSS
The Leaflet Map WordPress plugin before 3.0.0 does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributors to exploit stored XSS issues...