CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24722 – Restaurant Menu by MotoPress < 2.4.2 - Admin+ Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-24722
The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed El plugin Restaurant Menu by MotoPress de WordPress versiones anteriores a 2.4.2, no sanea adecuadamente las entradas al crear nuevos elementos de menú, lo que podría permitir a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando la capacidad unfiltered_html está deshabilitada • https://wpscan.com/vulnerability/14b29450-2450-4b5f-8630-bb2cbfbd0a83 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •