CVE-2021-24955
ProfilePress < 3.2.3 - Reflected Cross-Site Scripting
The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not escape the data parameter of the pp_get_forms_by_builder_type AJAX action before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue
Produtos afetados
Unknown · User Registration, Login Form, User Profile & Membership – ProfilePress (Formerly WP User Avatar)Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →