CVE-2021-24439

Published: 2021-07-12T20:15Z

Last Modified: 2024-11-21T05:53Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

The Browser Screenshots WordPress plugin before 1.7.6 allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the image_class parameter of the browser-shot shortcode was not escaped. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt