QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2021-24477

Back to search

CVE-2021-24477

Published: Aug 2, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Migrate Users WordPress plugin through 1.0.1 does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its options, allowing the issue to be exploited via a CSRF attack.

VendorProductVersions

Unknown

Migrate Users

affected
1.0.1 - <= 1.0.1

Weaknesses (CWE)

CWE-79
CWE-352

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now