CVE-2021-24768
N/A
N/A
Summary
The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and More | 4.19.2 < 4.19.2 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.