4 matches found
CVE-2021-24670
The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks...
CVE-2021-24670
The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks...
CVE-2021-24670 CoolClock < 4.3.5 - Contributor+ Stored Cross-Site Scripting
The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks...
CVE-2021-24670
CVE-2021-24670 affects the CoolClock WordPress plugin prior to version 4.3.5. The root cause is failure to properly escape some shortcode attributes, enabling Stored Cross-Site Scripting (XSS) by users with as low as Contributor role. Impact is client-side code execution through crafted shortcode...