RSS   Vulnerabilities for 'Simple banner'   RSS

2021-08-23
 
CVE-2021-24574

CWE-79
 

 
The Simple Banner WordPress plugin before 2.10.4 does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the unfiltered_html capability is disallowed.

 


Copyright 2024, cxsecurity.com

 

Back to Top