← volver
CVE-2021-24678

CM Tooltip Glossary < 3.9.21 - Contributor+ Stored Cross-Site Scripting

EPSS 0.6%CWE-79
The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Scripting attacks
Productos afectados
Unknown · CM Tooltip Glossary – Better SEO and UEX for your WP site

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/b83880f7-8614-4409-9305-d059b5df15dd