The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue
History

Tue, 17 Dec 2024 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:veronalabs:wp_sms:*:*:*:*:*:wordpress:*:* cpe:2.3:a:veronalabs:wp_sms:*:*:*:*:free:wordpress:*:*

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-08-23T11:10:13

Updated: 2024-08-03T19:35:20.197Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24561

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2021-08-23T12:15:10.137

Modified: 2024-12-17T18:23:10.970

Link: CVE-2021-24561

cve-icon Redhat

No data.