3 matches found
CVE-2021-24822
The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and CSRF checks on some of its AJAX actions available to authenticated users, which could allow any authenticated users, such as subscriber to call them, and perform Stored Cross-Site Scripting attacks again...
CVE-2021-24822
The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and CSRF checks on some of its AJAX actions available to authenticated users, which could allow any authenticated users, such as subscriber to call them, and perform Stored Cross-Site Scripting attacks again...
CVE-2021-24822
CVE-2021-24822 corresponds to a stored XSS vulnerability in the WordPress plugin Stylish Cost Calculator prior to version 7.0.4 . The issue arises from missing authorization/CSRF checks on certain AJAX actions accessible to authenticated users, enabling any authenticated user (e.g., subscribers) ...