2 matches found
CVE-2021-24685
CVE-2021-24685 affects the Flat Preloader WordPress plugin prior to version 1.5.4. Root cause: the plugin does not enforce nonce checks when saving settings and fails to sanitise/escape inputs, enabling a logged-in admin to modify settings that can trigger stored Cross-Site Scripting (XSS) pa...
CVE-2021-24789
This CVE refers to the WordPress Flat Preloader plugin before version 1.5.5. Connected sources confirm a cross-site scripting (XSS) vulnerability where certain settings are not escaped when output in HTML attributes, enabling an attacker with admin-level access to trigger client-side JS even when unfiltered_html...