CVEs-PoC/2021/CVE-2021-24685.md at 52f3262c8d52545fc4e20c2a38454fc446c51385

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-26 13:37:50 +02:00

Files

T

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its settings, as well as does not sanitise and escape them, which could allow attackers to a make logged in admin change them with a Cross-Site Scripting payload (triggered either in the frontend or backend depending on the payload)

POC

Reference

https://wpscan.com/vulnerability/972ecde8-3d44-4dd9-81e3-643d8737434f
https://wpscan.com/vulnerability/972ecde8-3d44-4dd9-81e3-643d8737434f

Github

No PoCs found on GitHub currently.

1.1 KiB Raw Blame History

CVE-2021-24685

Description

POC

Reference

Github

1.1 KiB

Raw Blame History