← Back

Easy Twitter Feed

easy_twitter_feed

Vendor: Bplugins • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-24413
1Bplugins
1Easy Twitter Feed
Nov 21, 2024
Oct 18, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will b...Show more
The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcodeShow less