CVE-2021-24434
12.07.2021, 20:15
The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack.
| Vendor | Product | Version |
|---|---|---|
| codeblab | glass | 𝑥 ≤ 1.3.2 |
𝑥
= Vulnerable software versions