CVE-2021-24678
N/A
N/A
Summary
The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Scripting attacks
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | CM Tooltip Glossary – Better SEO and UEX for your WP site | 3.9.21 < 3.9.21 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.