2 matches found
CVE-2021-24482
The Related Posts for WordPress plugin through 2.0.4 does not sanitise its headingtext and CSS settings, allowing high privilege users admin to set XSS payloads in them, leading to Stored Cross-Site Scripting issues...
CVE-2021-24482
CVE-2021-24482 affects the WordPress Related Posts for WordPress plugin up to version 2.0.4. An authenticated admin can abuse unsanitised heading_text and CSS settings to trigger Stored XSS, with PoCs showing input like heading_text and CSS payloads. Impact is Stored XSS under admin-authenticated...