CVE-2021-24365

The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of "Custom Field" columns.
Configurations

Configuration 1

cpe:2.3:a:admincolumns:admin_columns:*:*:*:*:pro:wordpress:*:*
cpe:2.3:a:admincolumns:admin_columns:*:*:*:*:free:wordpress:*:*

Information

Published : 2021-07-12 08:15

Updated : 2021-07-15 02:29


NVD link : CVE-2021-24365

Mitre link : CVE-2021-24365

Products Affected
No products.
CWE