CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24708 – WP All Export < 1.3.1 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24708
The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed El plugin Export any WordPress data to XML/CSV de WordPress versiones anteriores a 1.3.1, no escapa el nombre de su exportación antes de mostrarlo en la configuración de Manage Exports, que podría permitir a usuarios muy privilegiados llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando la capacidad unfiltered_html no está permitida • https://wpscan.com/vulnerability/4560eef4-253b-49a4-8e20-9520c45c6f7f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •