EUVD-2021-11346

Malware in sbrugna...

Cross site scripting

The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have CSRF check in place when saving its settings, allowing the issue to be exploited via a...

CVE-2021-24434

The CVE-2021-24434 issue affects the Glass WordPress plugin (versions 1.3.2 and earlier). The root cause is that the plugin does not sanitize or escape the Glass Pages setting before output, enabling Stored Cross-Site Scripting (XSS). Additionally, there is no CSRF protection when saving plugin s...

PT-2021-15962 · WordPress · Glass

Name of the Vulnerable Software and Affected Versions: Glass WordPress plugin versions 1.3.2 and earlier Description: The issue is related to a Stored Cross-Site Scripting problem. It occurs because the Glass Pages setting is not properly sanitised or escaped before being outputted in a page...