CVE-2021-24933 – Dynamic Widgets <= 1.5.16 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24933
The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the term_tree AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting issue.

• https://wpscan.com/vulnerability/b8e6f0d3-a7d1-4ca8-aba8-0d5075167d55
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')