3 matches found
CVE-2021-24567 Simple Post <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)
The Simple Post WordPress plugin through 1.1 does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue...
CVE-2021-24567 Simple Post <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)
The Simple Post WordPress plugin through 1.1 does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue...
CVE-2021-24567
CVE-2021-24567 concerns the Simple Post WordPress plugin (versions up to 1.1). The issue is an authenticated stored XSS: user input is not sanitized and is not escaped on output, enabling script execution when an authenticated user submits a Text value. The Red Hat/other sources corroborate the s...