QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24904

Published: Feb 14, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The Mortgage Calculators WP WordPress plugin before 1.56 does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Vendor	Product	Versions
Unknown	Mortgage Calculators WP	affected `1.56 - < 1.56`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/7b80f89b-e724-41c5-aa03-21d1eef50f21

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.