mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-12 21:42:20 +02:00
0xMarcio
949 B
949 B
CVE-2021-24771
&color=brighgreen)
Description
The Inspirational Quote Rotator WordPress plugin through 1.0.0 does not sanitize and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the "Quotes list" even when the unfiltered_html capability is disallowed
POC
Reference
- https://wpscan.com/vulnerability/a6d57fda-79a7-4bf8-b18e-8cf0a4efd1b3
- https://wpscan.com/vulnerability/a6d57fda-79a7-4bf8-b18e-8cf0a4efd1b3
Github
No PoCs found on GitHub currently.