The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode comments when in the Source editor, allowing attackers to inject an iframe into the page and thus load arbitrary content from any page into the comment section.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/8d015eba-31dc-44cb-a051-4e95df782b75/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2024-01-16T15:52:25.423Z
Updated: 2024-01-16T15:52:25.423Z
Reserved: 2022-04-29T09:30:03.602Z
Link: CVE-2021-4227
NVD Information
Status: Analyzed
Published: 2024-01-16T16:15:09.270
Modified: 2024-01-19T15:29:25.803
Link: CVE-2021-4227
Redhat Information
No data.
CWE