CVE-2021-24297

Goto < 2.1 - Reflected Cross-Site Scripting (XSS)

EPSS 0.8%CWE-79

The Goto WordPress theme before 2.1 did not properly sanitize the formvalue JSON POST parameter in its tl_filter AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.

Produtos afetados

Unknown · Goto

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://wpscan.com/vulnerability/a64a3b2e-7924-47aa-96e8-3aa02a6cdccc