CVE-2021-24477
N/A
N/A
Summary
The Migrate Users WordPress plugin through 1.0.1 does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its options, allowing the issue to be exploited via a CSRF attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Migrate Users | 1.0.1 <= 1.0.1 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
- CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.