Security Advisory

CVE-2021-24439

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-07-12 19:21:01

Last updated 2024-08-03 19:28:23

Assigner WPScan

State PUBLISHED

Description

The Browser Screenshots WordPress plugin before 1.7.6 allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the image_class parameter of the browser-shot shortcode was not escaped.

← Browse all CVEs View on cve.org ↗