CVE-2021-24593

Summary

The Business Hours Indicator WordPress plugin before 2.3.5 does not sanitise or escape its 'Now closed message" setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue

Affected Software

VendorProductVersion RangeStatus
UnknownBusiness Hours Indicator2.3.5 < 2.3.5affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References