← back
CVE-2021-24587

Splash Header < 1.20.8 - Authenticated Stored Cross-Site Scripting (XSS)

EPSS 0.6%CWE-79
The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and escape some of its settings while outputting them in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue.
Affected products
Unknown · Splash Header

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/bb5d94ad-e1ce-44e2-8403-d73fe75a146a