Back to search
CVE-2021-24958
Published: Mar 14, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber could update the plugin's settings and put Cross-Site Scripting payloads in them
| Vendor | Product | Versions |
|---|---|---|
Unknown | Meks Easy Photo Feed Widget | affected 1.2.4 - < 1.2.4 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now