The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/changeset/2637305 | Patch Third Party Advisory |
https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-01-24T08:01:02
Updated: 2022-01-24T08:01:02
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24976
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-01-24T08:15:09.043
Modified: 2022-01-28T03:23:48.057
Link: CVE-2021-24976
JSON object: View
Redhat Information
No data.
CWE