Security Advisory

CVE-2021-24533

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-08-23 11:10:01
Last updated 2024-08-03 19:35:19
Assigner WPScan
State PUBLISHED

Description

The Maintenance WordPress plugin before 4.03 does not sanitise or escape some of its settings, allowing high-privilege users such as admin to set Cross-Site Scripting payloads in them (even when the unfiltered_html capability is disallowed), which will be triggered in the frontend.
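
The class of fix this description implies, shown as an added example that is not the Maintenance plugin's own code: settings are sanitised on save for every user, regardless of unfiltered_html, and escaped again where they are output on the frontend. The option name, field names and function names are hypothetical, and the sketch assumes the settings are stored through the WordPress Settings API.

```php
<?php
// Added illustration; option, field and function names are hypothetical and
// are not taken from the Maintenance plugin.

// Sanitise on save. The callback runs for every user, so the stored value is
// cleaned whether or not the current role has the unfiltered_html capability.
add_action( 'admin_init', function () {
    register_setting( 'example_mt_group', 'example_mt_options', array(
        'type'              => 'array',
        'sanitize_callback' => 'example_mt_sanitize_options',
    ) );
} );

function example_mt_sanitize_options( $input ) {
    $input = is_array( $input ) ? $input : array();
    return array(
        // Plain-text field: strip all markup.
        'page_title' => sanitize_text_field( $input['page_title'] ?? '' ),
        // Rich-text field: keep only the tags WordPress allows in post content.
        'body_text'  => wp_kses_post( $input['body_text'] ?? '' ),
    );
}

// Weak pattern the description refers to: the stored setting reaches the
// frontend markup unchanged.
function example_mt_render_unsafe() {
    $o = get_option( 'example_mt_options', array() );
    echo '<h1>' . $o['page_title'] . '</h1>';
}

// Hardened output: escape for the context at the point of output, so a value
// stored before the fix, or written directly to the database, stays inert.
function example_mt_render_safe() {
    $o = wp_parse_args(
        get_option( 'example_mt_options', array() ),
        array( 'page_title' => '', 'body_text' => '' )
    );
    echo '<h1>' . esc_html( $o['page_title'] ) . '</h1>';
    echo '<div class="description">' . wp_kses_post( $o['body_text'] ) . '</div>';
}
```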