CVE-2021-24586

CVE-2021-24586

The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting (feature mentioned by the plugin), this could lead to Stored XSS issue which will be triggered either in the backend, frontend or both depending on the payload used.

Source: CVE-2021-24586

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다