Filtered by vendor Ultimate Nofollow Project Subscriptions
Filtered by product Ultimate Nofollow Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-24817 1 Ultimate Nofollow Project 1 Ultimate Nofollow 2024-08-03 5.4 Medium
The Ultimate NoFollow WordPress plugin through 1.4.8 does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks