wpexploit | Asif Nawaz Minhas | WPEX-ID:4D0C60D1-DB5A-4C4F-9BDB-669975AC7210
History: Sep 10, 2021 - 12:00 a.m.

Easy Accordion < 2.0.22 - Authenticated Stored XSS

Tags: easy accordion, authenticated stored xss, injection payload, cross-site scripting, wp-admin, accordion pages

EPSS: 0.001 (percentile 24.8%)

The plugin does not properly sanitize inputs when adding new items to an accordion.

When adding new items to an accordion, an injection payload of "<!'/*"/*/'/*/"/*--></Script><Image SrcSet=K */; OnError=confirm`1` //>" for an accordion item's title will result in XSS in the wp-admin page as well as on pages that show the accordion.
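
An added example, not code from the plugin or the advisory: it renders the advisory's title through a hypothetical item template with and without output encoding, then parses the result to list any markup the template itself did not emit. The template, the function names and the audit class are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Item title quoted in the advisory text above.
ADVISORY_TITLE = "<!'/*\"/*/'/*/\"/*--></Script><Image SrcSet=K */; OnError=confirm`1` //>"

# Hypothetical item template; the plugin's real markup is not shown on the page.
TEMPLATE = '<div class="accordion-item"><h3 class="accordion-title">{title}</h3></div>'
EXPECTED = {("div", "class"), ("h3", "class")}  # (tag, attribute) pairs the template emits
EXPECTED_TAGS = {tag for tag, _ in EXPECTED}


def render_unsafe(title):
    """Behaviour the advisory describes: the stored title is written out verbatim."""
    return TEMPLATE.format(title=title)


def render_escaped(title):
    """Output-encode the title so a browser treats it as text, not markup."""
    return TEMPLATE.format(title=html.escape(title, quote=True))


class MarkupAudit(HTMLParser):
    """Record every tag, attribute and comment that the template did not emit."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):  # also called for self-closing tags
        if tag not in EXPECTED_TAGS:
            self.findings.append(("tag", tag))
        for name, _value in attrs:
            if (tag, name) not in EXPECTED:
                self.findings.append(("attr", f"{tag}@{name}"))

    def handle_comment(self, data):
        self.findings.append(("comment", data))


def audit(rendered):
    """Return the list of unexpected markup found in one rendered item."""
    parser = MarkupAudit()
    parser.feed(rendered)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    print("unsafe :", audit(render_unsafe(ADVISORY_TITLE)))
    print("escaped:", audit(render_escaped(ADVISORY_TITLE)))
```

In a WordPress plugin the counterpart of render_escaped is calling esc_html() on the title at output, with sanitize_text_field() applied when the item is saved.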
