CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Draftpress: >> My Site Audit Security Vulnerabilities

CVE-2021-24445

The My Site Audit WordPress plugin through 1.2.4 does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in them, even when he unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue

CVSS Score

5.5

EPSS Score

0.003

Published

2021-08-16

Page 1

Vulnerabilities

Vulnerable Software

Draftpress: >> My Site Audit Security Vulnerabilities

Products

Pricing

Contact Us