Security Advisory

CVE-2021-24489

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-10-25 13:20:38

Last updated 2024-08-03 19:35:20

Assigner WPScan

State PUBLISHED

Description

The Request a Quote WordPress plugin before 2.3.9 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.

← Browse all CVEs View on cve.org ↗