← Back

Dynamic Widgets

dynamic_widgets

Vendor: Bootstrapped • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-24933
1Bootstrapped
1Dynamic Widgets
Nov 21, 2024
Feb 28, 2022
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the term_tree AJAX action (available to any authenticated users), leading to a...Show more
The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the term_tree AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting issueShow less