CVE-2021-24409
The CVE-2021-24409 entry concerns the Prismatic WordPress plugin (prior to v2.8). The vulnerability is a reflected Cross-Site Scripting (XSS) flaw caused by the plugin not escaping the 'tab' GET parameter before echoing it into an HTML attribute, leading to execution in the context of a logged-in...
CVE-2021-24408
CVE-2021-24408 involves the Prismatic WordPress plugin, vulnerable in versions before 2.8. The plugin does not sanitize or validate certain shortcode parameters, enabling stored XSS from users with roles as low as Contributor. A contributor-created post requires admin approval for the XSS to trigger in the ...