Security Advisory

CVE-2021-24245

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-05-05 18:39:42

Last updated 2024-08-03 19:21:18

Assigner WPScan

State PUBLISHED

Description

The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue.

← Browse all CVEs View on cve.org ↗