Back to search
CVE-2021-24305
Published: May 24, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
The Target First WordPress Plugin v2.0, also previously known as Watcheezy, suffers from a critical unauthenticated stored XSS vulnerability. An attacker could change the licence key value through a POST on any URL with the 'weeWzKey' parameter that will be save as the 'weeID option and is not sanitized.
| Vendor | Product | Versions |
|---|---|---|
TargetFirst | Target First Plugin | affected 2.0 |
Weaknesses (CWE)
References
https://wpscan.com/vulnerability/4d55d1f5-a7b8-4029-942d-7a13e2498f64
x_refsource_CONFIRM
https://www.targetfirst.com/
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now