CVE-2021-24821

The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator > Price Settings (which gets injected on the edit page as well as any page that embeds the calculator using the shortcode), as well as the Text Preview field of a Project (injected on the edit project page)
References
Configurations

Configuration 1

cpe:2.3:a:nicdark:cost_calculator:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-03-07 09:15

Updated : 2022-03-11 06:05


NVD link : CVE-2021-24821

Mitre link : CVE-2021-24821

Products Affected
No products.
CWE