QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24897

Published: Mar 14, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field (available only with classic editor) when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks

Vendor	Product	Versions
Unknown	Add Subtitle	affected `1.1.0 - <= 1.1.0`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/a0dd1da8-f8d2-453d-a2f2-711a49fb6466

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.