Back to search
CVE-2021-24129
Published: Mar 18, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded, which could lead to privilege escalation.
| Vendor | Product | Versions |
|---|---|---|
Unknown | Themify Portfolio Post | affected 1.1.6 - < 1.1.6 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now