Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2 matches found

CVE
CVEadded 2021/08/02 10:32 a.m.46 views

CVE-2021-24504

The CVE-2021-24504 entry covers the WP LMS – Best WordPress LMS Plugin (versions up to 1.1.2). The issue is stored XSS caused by improper sanitisation/validation of User Field Titles, coupled with missing CSRF and capability checks. Several connected sources corroborate unauthenticated XSS and in...

6.1CVSS6AI score0.01484EPSS
Exploits2References1Affected Software1
Cvelist
Cvelistadded 2021/08/02 10:32 a.m.13 views

CVE-2021-24504 WP LMS <= 1.1.2 - Stored Cross-Site Scripting (XSS)

The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either via CSRF or as any use...

6.2AI score0.01484EPSS
Exploits2References1
Rows per page
Query Builder