QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24933

Published: Feb 28, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the term_tree AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting issue

Vendor	Product	Versions
Unknown	Dynamic Widgets	affected `1.5.16 - <= 1.5.16`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/b8e6f0d3-a7d1-4ca8-aba8-0d5075167d55

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.