VYPR

Hotjar Connecticator

by WordPress

CVEs (1)

  • CVE-2021-24301MedMay 24, 2021
    risk 0.35cvss 5.4epss 0.01

    The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable to Stored Cross-Site Scripting (XSS) in the 'hotjar script' textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by…