CVE-2021-24434
N/A
N/A
Summary
The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Glass | 1.3.2 <= 1.3.2 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
- CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.