CVE-2021-24988
N/A
N/A
Summary
The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprss_dismiss_addon_notice AJAX action missing authorisation and CSRF checks, allowing any authenticated users, such as subscriber to call it and set a malicious payload in the addon parameter.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and More | 4.19.3 < 4.19.3 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.