Filtered by vendor Keyword Meta Project
Subscriptions
Filtered by product Keyword Meta
Subscriptions
Total
1 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-24611 | 1 Keyword Meta Project | 1 Keyword Meta | 2021-09-13 | 5.4 Medium |
The Keyword Meta WordPress plugin through 3.0 does not sanitise of escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues. Furthermore, it is also lacking any CSRF check, allowing attacker to make a logged in high privilege user save arbitrary setting via a CSRF attack. |
Page 1 of 1.