CVE-2021-24745 – About Author Box < 1.0.2 - Contributor+ Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2021-24745

The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks. El plugin About Author Box de WordPress versiones anteriores a 1.0.2, no sanea y escapa de los valores del campo Social Profiles antes de mostrarlos en los atributos, lo que podría permitir a un usuario con un rol tan bajo como el de colaborador llevar a cabo ataques de tipo Cross-Site Scripting • https://wpscan.com/vulnerability/a965aeca-d8f9-4070-aa0d-9c9b95493dda • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •