4 matches found
CVE-2021-24671
The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape the timezone attribute of the mxmtzctimezoneclocks shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
CVE-2021-24671
The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape the timezone attribute of the mxmtzctimezoneclocks shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
CVE-2021-24671 MX Time Zone Clocks < 3.4.1 - Contributor+ Cross-Site Scripting
The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape the timezone attribute of the mxmtzctimezoneclocks shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
CVE-2021-24671
The CVE-2021-24671 affects the WordPress plugin MX Time Zone Clocks prior to version 3.4.1. The vulnerability stems from insufficient escaping of the time_zone attribute in the mxmtzc_time_zone_clocks shortcode, allowing a user with as low as Contributor privileges to perform Stored Cross-Site Sc...