2 matches found
CVE-2021-24768 WP RSS Aggregator < 4.19.2 - Admin+ Stored Cross-Site Scripting
The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues...
CVE-2021-24768
CVE-2021-24768 affects the WordPress WP RSS Aggregator plugin prior to 4.19.2. The issue is improper sanitisation/escaping of the URL to the Blacklist field, allowing malicious HTML to be stored by high-privilege users even when unfiltered_html is disallowed, enabling stored Cross-Site Scripting ...