3 matches found
CVE-2021-24932
The Auto Featured Image Auto Post Thumbnail WordPress plugin before 3.9.3 does not sanitise and escape the postid parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24932
The CVE-2021-24932 entry concerns the WordPress plugin Auto Featured Image (Auto Post Thumbnail) prior to version 3.9.3. The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw caused by insufficient sanitisation/escaping of the post_id parameter in an admin page output within a JS block...
CVE-2021-24932 Auto Featured Image < 3.9.3 - Reflected Cross-Site Scripting
The Auto Featured Image Auto Post Thumbnail WordPress plugin before 3.9.3 does not sanitise and escape the postid parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue...