CVE-2021-24196

The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being sanitized
Configurations

Configuration 1 (hide)

cpe:2.3:a:cm-wp:social_slider_widget:*:*:*:*:*:wordpress:*:*

History

07 Nov 2023, 03:31

Type Values Removed Values Added
Summary The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being sanitized The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being sanitized

Information

Published : 2021-04-05 19:15

Updated : 2024-02-28 18:28


NVD link : CVE-2021-24196

Mitre link : CVE-2021-24196

CVE.ORG link : CVE-2021-24196


JSON object : View

Products Affected

cm-wp

  • social_slider_widget
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')