CVE-2021-24297

Goto < 2.1 - Reflected Cross-Site Scripting (XSS)

EPSS 0.8%CWE-79

The Goto WordPress theme before 2.1 did not properly sanitize the formvalue JSON POST parameter in its tl_filter AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.

Affected products

Unknown · Goto

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/a64a3b2e-7924-47aa-96e8-3aa02a6cdccc