CVE-2021-24888

ImageBoss < 3.0.6 - Admin+ Stored Cross-Site Scripting

EPSS 0.7%CWE-79

The ImageBoss WordPress plugin before 3.0.6 does not sanitise and escape its Source Name setting, which could allow high privilege users to perform Cross-Site Scripting attacks

Affected products

Unknown · ImageBoss – Images Up To 60% Smaller & CDN

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/19bffa71-705c-42fc-b2ca-bf62fabb70a0