2 matches found
CVE-2021-24586
CVE-2021-24586 affects the WordPress plugin “Per page add to head” (versions before 1.4.4). The vulnerability arises from a lack of CSRF protection when saving settings, enabling a logged-in admin’s actions to be manipulated. The plugin also allows arbitrary HTML to be inserted in one setting, cr...
CVE-2021-24586 Per Page Add to Head < 1.4.4 - CSRF to Stored XSS
The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting feature mentioned by the plugin, this...