The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue
Metrics
Affected Vendors & Products
References
History
Tue, 17 Dec 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:veronalabs:wp_sms:*:*:*:*:free:wordpress:*:* |
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2021-08-23T11:10:13
Updated: 2024-08-03T19:35:20.197Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24561
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-08-23T12:15:10.137
Modified: 2024-12-17T18:23:10.970
Link: CVE-2021-24561
Redhat
No data.