QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24850

Published: Nov 17, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields.

Vendor	Product	Versions
Unknown	Insert Pages	affected `3.7.0 - < 3.7.0`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/2d6f9be0-b9fd-48e5-bd68-94eeb3822c0a

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.