QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2021-24581

Back to search

CVE-2021-24581

Published: Aug 30, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack.

VendorProductVersions

Unknown

Blue Admin

affected
21.06.01 - <= 21.06.01

Weaknesses (CWE)

CWE-352
CWE-79

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now