The RSS for Yandex Turbo WordPress plugin through 1.30 does not sanitise or escape some of its settings before saving and outputing them in the admin dashboard, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-08-02T10:31:55
Updated: 2021-08-02T10:31:55
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24428
JSON object: View
NVD Information
Status : Modified
Published: 2021-08-02T11:15:08.827
Modified: 2023-11-07T03:31:15.093
Link: CVE-2021-24428
JSON object: View
Redhat Information
No data.
CWE