CVE-2021-24708

State: PUBLISHED · Published: 2021-11-08 · Updated: 2024-08-03 · Assigner: WPScan

Description

The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

CWE

CWE-79 — CWE-79 Cross-site Scripting (XSS)

Affected

Unknown / Export any WordPress data to XML/CSV — v=1.3.1 <1.3.1 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/4560eef4-253b-49a4-8e20-9520c45c6f7f x_refsource_MISC

Source

cvelistV5-main/cves/2021/24xxx/CVE-2021-24708.json