The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and also lacks sanitisation as well as escaping before outputting it in the page. This could allow an attacker to make logged-in administrators set a malicious payload in it, leading to a Stored Cross-Site Scripting issue.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2021-10-25T13:20:36
Updated: 2024-08-03T19:35:20.144Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24487
NVD
Status: Modified
Published: 2021-10-25T14:15:10.093
Modified: 2024-11-21T05:53:09.843
Link: CVE-2021-24487