Podatność CVE-2021-24322
Publikacja: 2021-06-01

Opis:
The Database Backup for WordPress plugin before 2.4 did not escape the backup_recipient POST parameter in before output it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
Low
WP-DB-Backup WordPress Plugin <= 2.3.3 - Authenticated Persistent XSS
m0ze
17.05.2021

Typ:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 Referencje:
https://m0ze.ru/vulnerability/%5B2021-04-04%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-DB-Backup-WordPress-Plugin-v2.3.3.txt
https://wpscan.com/vulnerability/6bea6301-0762-45c3-a4eb-15d6ac4f9f37
Copyright 2024, cxsecurity.com

 

Back to Top