CVE-2021-24382

The Smart Slider 3 Free and Pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesser privileged users to access the plugin’s functionality, in which case privilege escalation could be performed.

Source: CVE-2021-24382
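A triage check for this advisory, added here as an example and not taken from the plugin or the advisory: it decides whether an installed version predates 3.5.0.9 and lists stored project names that contain markup characters and deserve manual review. The function names and the sample rows are assumptions constructed for illustration; how the names are exported from a site is left to the operator.

```python
import re

FIXED_VERSION = "3.5.0.9"  # first fixed release, as stated in the advisory


def parse_version(text):
    """Turn '3.5.0.8' into (3, 5, 0, 8); reject anything that is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_affected(installed):
    """True when the installed version is older than the fixed release."""
    a, b = parse_version(installed), parse_version(FIXED_VERSION)
    width = max(len(a), len(b))
    # Pad with zeros so '3.5' compares as 3.5.0.0, not as a shorter tuple.
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


# Characters that let a value leave HTML text or attribute context.
# A hit is a prompt for manual review, not proof of a stored payload.
MARKUP = re.compile(r"[<>\"']")


def suspicious_names(rows):
    """Return the (id, name) pairs whose project name contains markup characters."""
    return [(rid, name) for rid, name in rows if MARKUP.search(name)]


def triage(installed, rows):
    """Combine the version check and the name review into one result."""
    return {"affected": is_affected(installed), "review": suspicious_names(rows)}


# Constructed sample data (hypothetical export of slider id and Project Name).
SAMPLE_ROWS = [
    (1, "Homepage hero"),
    (2, "Spring sale 2021"),
    (3, "Promo <script>/* constructed */</script>"),
    (4, "Tom & Jerry"),
]

if __name__ == "__main__":
    print(triage("3.5.0.8", SAMPLE_ROWS))
```

Names flagged on a site that was running an affected version should be reviewed together with the list of accounts that were allowed to use the plugin.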
