The Remove Footer Credit WordPress plugin before 1.0.11 does properly sanitise its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
References
| Link | Resource |
|---|---|
| https://plugins.trac.wordpress.org/changeset/2655918 | Patch Third Party Advisory |
| https://wpscan.com/vulnerability/25a28adb-794f-4bdb-89e8-060296b45b38 | Exploit Third Party Advisory |
| https://plugins.trac.wordpress.org/changeset/2655918 | Patch Third Party Advisory |
| https://wpscan.com/vulnerability/25a28adb-794f-4bdb-89e8-060296b45b38 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:54
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://plugins.trac.wordpress.org/changeset/2655918 - Patch, Third Party Advisory | |
| References | () https://wpscan.com/vulnerability/25a28adb-794f-4bdb-89e8-060296b45b38 - Exploit, Third Party Advisory |
Information
Published : 2022-02-14 12:15
Updated : 2024-11-21 05:54
NVD link : CVE-2021-25050
Mitre link : CVE-2021-25050
CVE.ORG link : CVE-2021-25050
JSON object : View
Products Affected
wpchill
- remove_footer_credit
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')