CVE-2021-25031
N/A
N/A
Summary
The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) | 9.7.1 < 9.7.1 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/1fbcf5ec-498e-4d40-8577-84b8c7ac3201
- https://plugins.trac.wordpress.org/changeset/2648086
References
- https://wpscan.com/vulnerability/1fbcf5ec-498e-4d40-8577-84b8c7ac3201
- https://plugins.trac.wordpress.org/changeset/2648086
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.