CVE-2021-24895 in Cybersoldier Plugininformación

Resumen

por MITRE • 2022-03-14

The Cybersoldier WordPress plugin before 1.7.0 does not sanitise and escape the URL settings before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservar

2021-01-14

Divulgación

2022-03-14

Moderación

aceptado

Artículo

VDB-194879

CPE

listo

EPSS

0.00588

KEV

no

Actividades

muy bajo

Fuentes

Interested in the pricing of exploits?

See the underground prices here!