WordPress Display Post Metadata plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. display Post Metadata plugin is a WordPress open source application plugin. WordPress Display Post Metadata plugin ...

CVE-2021-24855

The Display Post Metadata WordPress plugin before 1.5.0 adds a shortcode to print out custom fields, however their content is not sanitised or escaped which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

CVE-2021-24855

CVE-2021-24855 affects the WordPress plugin Display Post Metadata (before 1.5.0). The vulnerability arises from unsanitised/unescaped content in a shortcode that prints custom fields, enabling stored Cross-Site Scripting for users with as low as Contributor. Impact is elevated to XSS through the ...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. display Post Metadata plugin is a WordPress open source application plugin. WordPress Display Post Metadata plugin ...

WordPress Display Post Metadata plugin <= 1.4.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Francesco Carlucci in WordPress Display Post Metadata plugin versions = 1.4.0. Solution Update the WordPress Display Post Metadata plugin to the latest available version at least 1.5.0...