Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.10 views

CVE-2021-24664

The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitizetextfield but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues...

4.8CVSS6AI score0.02358EPSS
Exploits4References1
0day.today
0day.today
added 2021/11/15 12:0 a.m.340 views

WordPress WPSchoolPress 2.1.16 Plugin - (Multiple) Cross Site Scripting Vulnerability

Exploit Title: WordPress Plugin WPSchoolPress 2.1.16 - 'Multiple' Cross Site Scripting XSS Exploit Author: Davide Taraschi Vendor Homepage: https://wpschoolpress.com/ Software Link: https://wpschoolpress.com/free-download/ Version: up to 2.1.17 non included Tested on: Ubuntu 20.04 over WordPress...

4.8CVSS5.7AI score0.02358EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/11/15 12:0 a.m.334 views

WordPress WPSchoolPress 2.1.16 Cross Site Scripting

Exploit Title: WordPress Plugin WPSchoolPress 2.1.16 - 'Multiple' Cross Site Scripting XSS Date: 20/08/2021 Exploit Author: Davide Taraschi Vendor Homepage: https://wpschoolpress.com/ Software Link: https://wpschoolpress.com/free-download/ Version: up to 2.1.17 non included Tested on: Ubuntu 20.0...

3.5CVSS5.7AI score0.02358EPSS
Exploits4
NVD
NVD
added 2021/11/08 6:15 p.m.45 views

CVE-2021-24664

The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitizetextfield but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues...

4.8CVSS0.02358EPSS
Exploits4References2
Cvelist
Cvelist
added 2021/11/08 5:34 p.m.47 views

CVE-2021-24664 WPSchoolPress < 2.1.17 - Multiple Admin+ Stored Cross-Site Scripting

The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitizetextfield but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues...

5.2AI score0.02358EPSS
Exploits4References2
CVE
CVE
added 2021/11/08 5:34 p.m.85 views

CVE-2021-24664

CVE-2021-24664: The WordPress plugin WPSchoolPress (School Management System) versions before 2.1.17 are vulnerable to Stored Cross-Site Scripting. The root cause is insufficient escaping of data output in attributes after sanitise_text_field() processing. Exploitable in the WordPress admin conte...

4.8CVSS4.9AI score0.02358EPSS
Exploits4References2Affected Software1
Rows per page
Query Builder