3 matches found
CVE-2021-24286
The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue...
EUVD-2021-11556
The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include function, which could lead to a Local File Inclusion issue...
CVE-2021-24274
The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue...