RSS   Vulnerabilities for 'Wp all export'   RSS

2021-11-08
 
CVE-2021-24708

CWE-79
 

 
The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

 


Copyright 2024, cxsecurity.com

 

Back to Top