VYPR

Light Messages

by WordPress

CVEs (1)

  • CVE-2021-24535MedAug 16, 2021
    risk 0.40cvss 6.1epss 0.00

    The Light Messages WordPress plugin through 1.0 is lacking CSRF check when updating it's settings, and is not sanitising its Message Content in them (even with the unfiltered_html disallowed). As a result, an attacker could make a logged in admin update the settings to arbitrary…