CVE-2020-24316

WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL...

CVE-2020-24316

WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL...

CVE-2020-24316

CVE-2020-24316 affects the WordPress plugin Rednumber Admin Menu (versions 1.1 and lower). The vulnerability is a reflected XSS where the GET parameter role is echoed back without sanitization, enabling an attacker to craft a URL to execute client-side scripts. Exploitation is via a specially cra...

PT-2020-15681 · Rednumber · Wp Plugin Rednumber Admin Menu

Name of the Vulnerable Software and Affected Versions: WP Plugin Rednumber Admin Menu versions 1.1 and lower Description: The issue is related to a reflected XSS vulnerability. It occurs because the role GET parameter value is not sanitized before being echoed back to the user. This allows...