The WP Extra File Types WordPress plugin before 0.5.1 does not have CSRF check when saving its settings, nor sanitise and escape some of them, which could allow attackers to make a logged in admin change them and perform Cross-Site Scripting attacks
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-01-24T08:00:56

Updated: 2024-08-03T19:49:13.407Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24936

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-01-24T08:15:08.850

Modified: 2024-11-21T05:54:02.550

Link: CVE-2021-24936

cve-icon Redhat

No data.