The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting (exploitable on both unauthenticated and authenticated users)
References
Link | Resource |
---|---|
https://theplusaddons.com/changelog/ | Release Notes Vendor Advisory |
https://wpscan.com/vulnerability/2ee62f85-7aea-4b7d-8b2d-5d86d9fb8016 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-06-14T13:37:13
Updated: 2021-06-14T13:37:13
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24351
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-06-14T14:15:08.527
Modified: 2021-06-21T16:02:41.120
Link: CVE-2021-24351
JSON object: View
Redhat Information
No data.
CWE