CVE-2021-24979
27.12.2021, 11:15
The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
Vendor | Product | Version |
---|---|---|
strangerstudios | paid_memberships_pro | 𝑥 < 2.6.6 |
𝑥
= Vulnerable software versions
References