5 matches found
CVE-2021-24535
The Light Messages WordPress plugin through 1.0 lacks a CSRF check when updating its settings, and does not sanitise its Message Content in them even with unfiltered_html disallowed. As a result, an attacker could make a logged in admin update the settings to arbitrary values, and set a...
CVE-2021-24535
The CVE concerns Light Messages WordPress plugin (
CVE-2021-24535 Light Messages <= 1.0 - CSRF to Stored XSS
The Light Messages WordPress plugin through 1.0 lacks a CSRF check when updating its settings, and does not sanitise its Message Content in them even with unfiltered_html disallowed. As a result, an attacker could make a logged in admin update the settings to arbitrary values, and set a...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. It supports setting up a personal blog site on a server with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. version before Light Messages WordPress plugin 1...