The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.0.5 does not sanitise and escape the message_id parameter of the get_message_action_row AJAX action before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-12-21T08:45:37

Updated: 2024-08-03T19:49:13.877Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24941

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-12-21T09:15:07.187

Modified: 2024-11-21T05:54:03.097

Link: CVE-2021-24941

cve-icon Redhat

No data.