PT-2024-10892 · WordPress · The Simple Post
Vikas Srivastava · Published 2024-01-16 · Updated 2024-08-29
CVE-2021-24567
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
The Simple Post WordPress plugin versions through 1.1
Description
The plugin fails to sanitize user input when an authenticated user provides a Text value, and it does not escape that value when it is output to the browser. The result is an authenticated stored cross-site scripting (XSS) issue.
Recommendations
If you run The Simple Post WordPress plugin in versions through 1.1, update to a version that addresses this issue. The current version does not properly sanitize user input, which can lead to XSS attacks.
Exploit
Fix
XSS
Affected Products
The Simple Post