The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does not sanitise or escape its Custom CSS setting, allowing high privilege users such as admin to set XSS payload in it even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue
References
Link | Resource |
---|---|
https://packetstormsecurity.com/files/163472/ | Exploit Third Party Advisory VDB Entry |
https://wpscan.com/vulnerability/53103cdc-a4bf-40fa-aeb1-790fc7a65f0a | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-08-16T10:48:24
Updated: 2021-08-16T10:48:24
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24518
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-16T11:15:08.593
Modified: 2021-08-23T18:52:06.397
Link: CVE-2021-24518
JSON object: View
Redhat Information
No data.
CWE