2 matches found
CVE-2021-24760 Gutenberg PDF Viewer Block < 1.0.1 - Contributor+ Stored Cross-Site Scripting
The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
CVE-2021-24760
The Gutenberg PDF Viewer Block WordPress plugin is vulnerable to stored Cross-Site Scripting in versions before 1.0.1 due to insufficient sanitisation/escaping of its block. This allows users with a role as low as Contributor to inject malicious scripts. Remediation: update to at least 1.0.1. No ...