← Back

Accordion

accordion

Vendor: Pickplugins • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-24283
1Pickplugins
1Accordion
Nov 21, 2024
May 14, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue.
CVE-2020-13644
1Pickplugins
1Accordion
Nov 21, 2024
May 28, 2020
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability...Show more
An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accordion.Show less