← Back

Sitewide Notice

sitewide_notice

Vendor: Yoohooplugins • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-24592
1Yoohooplugins
1Sitewide Notice
Jun 17, 2026
Aug 30, 2021
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfi...Show more
The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedShow less