2 matches found
CVE-2021-24732 Dflip Lite < 1.7.10 - Contributor+ Stored Cross-Site Scripting
The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPress plugin before 1.7.10 does not escape the class attribute of its shortcode before outputting it back in an attribute, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
CVE-2021-24732
The CVE concerns the DearFlip (Dflip Lite) WordPress plugin, prior to version 1.7.10. The vulnerability arises from not escaping the class attribute of the plugin’s shortcode before outputting it in an attribute, enabling Stored Cross-Site Scripting by users with as low as Contributor privileges....