3 matches found
CVE-2021-24850
The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields...
CVE-2021-24850
CVE-2021-24850 concerns the WordPress Insert Pages plugin (versions before 3.7.0). The vulnerability arises from a shortcode that can reveal other pages’ content and custom fields, enabling stored XSS when a user with as little as Contributor privileges embeds payloads in a post’s custom fields. ...
CVE-2021-24850 Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting
The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields...