3 matches found
CVE-2021-24541
The Wonder PDF Embed WordPress plugin before 1.7 does not escape parameters of its wonderpluginpdf shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks...
CVE-2021-24541 Wonder PDF Embed < 1.7 - Contributor+ Stored XSS
The Wonder PDF Embed WordPress plugin before 1.7 does not escape parameters of its wonderpluginpdf shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks...
CVE-2021-24541
The CVE-2021-24541 entry concerns the WordPress Wonder PDF Embed plugin (before version 1.7). The vulnerability stems from the plugin not escaping parameters of the wonderplugin_pdf shortcode, enabling Stored XSS for users with a role as low as Contributor. Affected component/function: wonderplug...