Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:23 p.m.7 views

CVE-2021-24672

The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS6AI score0.00629EPSS
Exploits2References1
NVD
NVD
added 2021/10/18 2:15 p.m.13 views

CVE-2021-24672

The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS0.00629EPSS
Exploits2References1
OSV
OSV
added 2021/10/18 2:15 p.m.3 views

CVE-2021-24672

The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00629EPSS
Exploits2References1
Cvelist
Cvelist
added 2021/10/18 1:45 p.m.14 views

CVE-2021-24672 One User Avatar < 2.3.7 - Contributor+ Stored Cross-Site Scripting

The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

5.5AI score0.00629EPSS
Exploits2References1
CVE
CVE
added 2021/10/18 1:45 p.m.49 views

CVE-2021-24672

The CVE-2021-24672 entry concerns the WordPress plugin One User Avatar (versions prior to 2.3.7). The vulnerability arises from failure to esc ape the link and target attributes in the plugin’s shortcode, enabling a user with as little as a Contributor role to perform a Stored Cross-Site Scriptin...

5.4CVSS5.3AI score0.00629EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder