CVE-2021-24932

The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:cm-wp:auto_featured_image:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2021-12-13 11:15

Updated : 2024-02-28 18:48


NVD link : CVE-2021-24932

Mitre link : CVE-2021-24932

CVE.ORG link : CVE-2021-24932


JSON object : View

Products Affected

cm-wp

  • auto_featured_image
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')