2 matches found
CVE-2021-24530
CVE-2021-24530 affects the WordPress Alojapro Widget plugin up to version 1.1.15. The vulnerability arises from improper sanitisation of Custom CSS settings, enabling authenticated, high-privilege users to perform stored XSS even when unfiltered_html is disabled. Reported PoCs show injected scrip...
CVE-2021-24530 Alojapro Widget <= 1.1.15 - Authenticated Stored Cross-Site Scripting (XSS)
The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...