4 matches found
CVE-2021-24587
The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and escape some of its settings while outputting them in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue...
CVE-2021-24587
CVE-2021-24587 affects the Splash Header WordPress plugin prior to version 1.20.8. The underlying issue is improper sanitisation/escaping of certain plugin settings when they are output in the admin dashboard, enabling authenticated stored Cross-Site Scripting (XSS). The documented impact is an a...
WordPress 插件 跨站脚本漏洞
WordPress Plugin is an open source application plugin for WordPress. WordPress Plugin A cross-site scripting vulnerability exists that stems from the Splash Header plugin prior to version 1.20.8 not clearing and escaping some of its settings when outputting in the admin dashboard, which leads to...
WordPress Splash Header plugin <= 1.20.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by xiahao in WordPress Splash Header plugin versions = 1.20.7. Solution Update the WordPress Splash Header plugin to the latest available version at least 1.20.8...