Security Advisory

CVE-2021-24605

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-09-13 17:56:28
Last updated 2024-08-03 19:35:20
Assigner WPScan
State PUBLISHED

Description

The create_post_page AJAX action of the Custom Post View Generator WordPress plugin through 0.4.6 (available to authenticated user) does not sanitise or escape user input before outputting it back in the response, leading to a Reflected Cross-Site issue