3 matches found
WordPress WP SMS Plugin < 5.4.13 is vulnerable to Cross Site Scripting (XSS)
Software WP SMS Type Plugin Vulnerable versions 5.4.13 Fixed in 5.4.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2021-24561 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 935be5382779 Credits Muhammad Daffa Required privileg...
CVE-2021-24561
The CVE-2021-24561 entry concerns the WP SMS WordPress plugin (versions prior to 5.4.13). The vulnerability is an Authenticated Stored Cross-Site Scripting issue caused by the plugin failing to sanitize the wp_group_name parameter when rendering the Groups page. Impact per sources is stored XSS w...
CVE-2021-24561 WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting
The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wpgroupname" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue...