Vulnerabilities for 'Remove footer credit'

2022-02-14
 
CVE-2021-24446

CWE-352
 

 
The Remove Footer Credit WordPress plugin before 1.0.6 does not have a CSRF check in place when saving its settings, which could allow an attacker to make logged-in admins change them, and could also lead to a Stored XSS issue due to the lack of sanitisation.

 
 
CVE-2021-25050

CWE-79
 

 
The Remove Footer Credit WordPress plugin before 1.0.11 does not properly sanitise its settings, allowing high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

 

Vendor: Wpchill (4 products)
Download monitor
Check & log email
Remove footer credit
Kb support


Copyright 2024, cxsecurity.com

 
