Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attackers to inject arbitrary JavaScript code or HTML.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/07e9e70b-97a6-42e3-b0de-8cb69dedcbd3 | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2021-03-18 15:15
Updated : 2024-02-28 18:08
NVD link : CVE-2021-24135
Mitre link : CVE-2021-24135
CVE.ORG link : CVE-2021-24135
JSON object : View
Products Affected
gowebsolutions
- wp_customer_reviews
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')