← voltar
CVE-2021-24794

Connections Business Directory < 10.4.3 - Admin+ Stored Cross-Site Scripting

EPSS 0.7%CWE-79
The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed.
Produtos afetados
Unknown · Connections Business Directory

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://wpscan.com/vulnerability/651dc567-943e-4f57-8ec4-6eee466785f5