CVE-2021-24599

Summary

The Email Encoder – Protect Email Addresses WordPress plugin before 2.1.2 has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escaping or sanitizing the data.

Affected Software

VendorProductVersion RangeStatus
UnknownEmail Encoder – Protect Email Addresses2.1.2 < 2.1.2affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References