Lucene search
Krzysztof ZającWPVDB-ID:7608829D-2820-49E2-A10E-E93EB3005F68HistoryDec 27, 2021 - 12:00 a.m.
myCred < 2.4 - Reflected Cross-Site Scripting
2021-12-2700:00:00
Krzysztof Zając
wpscan.com
9
mycred plugin
cross-site scripting
security issue
EPSS
0.001
Percentile
31.7%
The plugin does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue
PoC
Related
cvelist
cvelist
CVE-2021-25015 myCred < 2.4 - Reflected Cross-Site Scripting
2022-01-24 08:01:09
cnvd
cnvd
WordPress myCred plugin cross-site scripting vulnerability
2022-01-26 00:00:00
patchstack
patchstack
nvd
nvd
CVE-2021-25015
2022-01-24 08:15:09
prion
prion
Cross site scripting
2022-01-24 08:15:00
cve
cve
CVE-2021-25015
2022-01-24 08:15:09
wpexploit
wpexploit
myCred < 2.4 - Reflected Cross-Site Scripting
2021-12-27 00:00:00