2 matches found
CVE-2021-24826 Custom Content Shortcode < 4.0.2 - Authenticated Stored Cross-Site Scripting
The Custom Content Shortcode WordPress plugin before 4.0.2 does not escape custom fields before outputting them, which could allow Contributor+ v 4.0.1 or Admin+ v 4.0.2 users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. Please note that such attack is still...
CVE-2021-24826
The CVE-2021-24826 issue affects the WordPress plugin “Custom Content Shortcode” prior to version 4.0.2. The vulnerability arises because the plugin does not escape custom fields before output, enabling authenticated users with Contributor+ (v < 4.0.1) or Admin+ (v