RSS   Vulnerabilities for 'Business manager'   RSS

2021-10-15
 
CVE-2021-39332

CWE-79
 

 
The Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.4.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

 


Copyright 2024, cxsecurity.com

 

Back to Top