CVE-2021-24297

Goto < 2.1 - Reflected Cross-Site Scripting (XSS)

EPSS 0.8%CWE-79

The Goto WordPress theme before 2.1 did not properly sanitize the formvalue JSON POST parameter in its tl_filter AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.

Productos afectados

Unknown · Goto

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://wpscan.com/vulnerability/a64a3b2e-7924-47aa-96e8-3aa02a6cdccc