CVE-2021-24444
N/A
N/A
Summary
The TaxoPress – Create and Manage Taxonomies, Tags, Categories WordPress plugin before 3.0.7.2 does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payload in them even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | TaxoPress – Create and Manage Taxonomies, Tags, Categories | 3.0.7.2 < 3.0.7.2 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/a31321fe-adc6-4480-a220-35aedca52b8b
- http://packetstormsecurity.com/files/164604/WordPress-TaxoPress-3.0.7.1-Cross-Site-Scripting.html
References
- https://wpscan.com/vulnerability/a31321fe-adc6-4480-a220-35aedca52b8b
- http://packetstormsecurity.com/files/164604/WordPress-TaxoPress-3.0.7.1-Cross-Site-Scripting.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.