The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/575c02ea-4fe9-428c-bbc8-e161af679b6d | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2021-12-13 11:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-24932
Mitre link : CVE-2021-24932
CVE.ORG link : CVE-2021-24932
JSON object : View
Products Affected
cm-wp
- auto_featured_image
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')