Back to search
CVE-2021-24988
Published: Dec 27, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprss_dismiss_addon_notice AJAX action missing authorisation and CSRF checks, allowing any authenticated users, such as subscriber to call it and set a malicious payload in the addon parameter.
| Vendor | Product | Versions |
|---|---|---|
Unknown | WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and More | affected 4.19.3 - < 4.19.3 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now