Security Advisory

CVE-2021-24850

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-11-17 10:15:52

Last updated 2024-08-03 19:42:17

Assigner WPScan

State PUBLISHED

Description

The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another posts custom fields.

← Browse all CVEs View on cve.org ↗