3 matches found
CVE-2021-24645
The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24645
The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24645
CVE-2021-24645 concerns the Booking.com Product Helper WordPress plugin prior to 1.0.2. The vulnerability is a Stored Cross-Site Scripting (XSS) in the Product Shortcode creation flow, caused by failure to sanitize and escape the Product Code. An attacker with admin+ privileges could inject XSS i...