Lucene search
+L

4 matches found

NVD
NVD
added 2021/11/01 9:15 p.m.15 views

CVE-2021-39340

The Notification WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /src/classes/Utils/Settings.php file which made it possible for attackers with administrative user access to inject arbitrary we...

4.8CVSS0.00901EPSS
Exploits1References3
OSV
OSV
added 2021/11/01 9:15 p.m.12 views

CVE-2021-39340

The Notification WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /src/classes/Utils/Settings.php file which made it possible for attackers with administrative user access to inject arbitrary we...

4.8CVSS5.9AI score0.00901EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2021/11/01 9:1 p.m.4 views

CVE-2021-39340 Notification – Custom Notifications and Alerts for WordPress <= 7.2.4 Authenticated Stored Cross-Site Scripting

The Notification WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /src/classes/Utils/Settings.php file which made it possible for attackers with administrative user access to inject arbitrary we...

4.8CVSS4.9AI score0.00901EPSS
Exploits1References3
CVE
CVE
added 2021/11/01 9:1 p.m.45 views

CVE-2021-39340

The WordPress Notification plugin is affected by CVE-2021-39340 (up to v7.2.4). The vulnerability is a Stored Cross-Site Scripting (XSS) due to insufficient input validation/sanitization in multiple parameters within Settings.php, exploitable by attackers with administrative access on multi-site ...

4.8CVSS4.8AI score0.00901EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder