Unrated severityNVD Advisory· Published Oct 4, 2021· Updated Aug 3, 2024
CM Tooltip Glossary < 3.9.21 - Contributor+ Stored Cross-Site Scripting
CVE-2021-24678
Description
The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Scripting attacks
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/CM Tooltip Glossarydescription
- Range: <3.9.21
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/b83880f7-8614-4409-9305-d059b5df15ddmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.