Description
The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2021-11259 | The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue |
References
History
No history.
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2024-08-03T19:28:23.463Z
Reserved: 2021-01-14T00:00:00.000Z
Link: CVE-2021-24346
No data.
Status : Modified
Published: 2021-06-14T14:15:08.143
Modified: 2026-06-17T03:39:52.280
Link: CVE-2021-24346
No data.
OpenCVE Enrichment
No data.
Weaknesses
EUVD