← voltar
CVE-2021-24941

Icegram < 2.0.5 - Reflected Cross-Site Scripting

EPSS 0.8%CWE-79
The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.0.5 does not sanitise and escape the message_id parameter of the get_message_action_row AJAX action before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue
Produtos afetados
Unknown · Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://wpscan.com/vulnerability/beca7afd-8f03-4909-bea0-77b63513564b