QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2021-24245

Back to search

CVE-2021-24245

Published: May 5, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue.

VendorProductVersions

Trumani

Stop Spammers

affected
2021.9 - < 2021.9

Weaknesses (CWE)

CWE-79

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now