CVE-2021-24681

The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or escape the Duplicate Post Suffix settings before outputting it, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:duplicatepro:duplicate_page:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2021-10-11 11:15

Updated : 2021-10-15 16:23


NVD link : CVE-2021-24681

Mitre link : CVE-2021-24681

CVE.ORG link : CVE-2021-24681


JSON object : View

Products Affected

duplicatepro

  • duplicate_page
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')