3 matches found
CVE-2021-24607
The Storefront Footer Text WordPress plugin through 1.0.1 does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed...
CVE-2021-24607
The Storefront Footer Text WordPress plugin through 1.0.1 does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed...
CVE-2021-24607
The CVE concerns the WordPress Storefront Footer Text plugin (versions Customize) and payloads, indicating frontend and admin areas can be affected. Remediation/action: deactivate and delete the plugin, as PatchStack notes the plugin is closed for review since 2021-10-06. No explicit exploit sta...