Security Advisory

CVE-2021-24984

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-12-27 10:33:24
Last updated 2024-08-03 19:49:14
Assigner WPScan
State PUBLISHED

Description

The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting