CVE-2021-24932

Summary

The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue.

Affected Software

VendorProductVersion RangeStatus
UnknownAuto Featured Image (Auto Post Thumbnail)3.9.3 < 3.9.3affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References