3 matches found
CVE-2021-24601
The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24601
The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24601
The CVE-2021-24601 entry concerns the WPFront Notification Bar WordPress plugin, affected versions prior to 2.1.0.08087. Root cause: improper sanitisation and escaping of plugin settings. Impact: authenticated users with high privileges can perform Cross-Site Scripting (XSS), even when unfiltered...