QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2021-24434

Back to search

CVE-2021-24434

Published: Jul 12, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack.

VendorProductVersions

Unknown

Glass

affected
1.3.2 - <= 1.3.2

Weaknesses (CWE)

CWE-79
CWE-352

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now