Vulnerabilities

CVE-2021-24664

by Fred · 08/11/2021

The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues.

Date published : 2021-11-08

http://packetstormsecurity.com/files/164974/WordPress-WPSchoolPress-2.1.16-Cross-Site-Scripting.html

https://wpscan.com/vulnerability/3f8e170c-6579-4b1a-a1ac-7d93da17b669

Similar

Tags: Cybersecurity Alert