CVE-2021-24850
Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting
The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields.
Productos afectados
Unknown · Insert Pages¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →