2 matches found
CVE-2021-24485
The CVE-2021-24485 entry covers the WordPress Special Text Boxes plugin. Affected software: WordPress Special Text Boxes plugin versions prior to 5.9.110. Vulnerable component: settings sanitisation/escaping in the plugin, allowing Cross-Site Scripting (XSS) by high-privilege users even when unfi...
CVE-2021-24485 Special Text Boxes < 5.9.110 - Admin+ Stored Cross-Site Scripting
The Special Text Boxes WordPress plugin before 5.9.110 does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...