CVE-2021-24904 – Mortgage Calculators WP < 1.56 - Admin+ Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2021-24904

11 Jan 2022 — The Mortgage Calculators WP WordPress plugin before 1.56 does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. El plugin WP Mortgage Calculators de WordPress versiones anteriores a 1.56, no implementa ningún tipo de saneo en la configuración del color del fondo de una calculadora, lo que podría permitir a usuarios con altos privil... • https://www.exploit-db.com/exploits/50685 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •