Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-36919: WordPress Awesome Support plugin <= 6.0.6 - Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities - Patchstack

Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee).

CVE
Open in Source
#xss#vulnerability#web

awesome-support

Software

Awesome Support

Vulnerable Versions

<= 6.0.6

Fixed in version

6.0.7

CVE

CVE-2021-36919

References

Credits

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Disclosure Date

2021-11-26

CVSS 3.0 score

Are your websites subject to this vulnerability?

Details

Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities were discovered by Ex.Mi in WordPress Awesome Support plugin (versions <= 6.0.6).

Solution

Update the WordPress Awesome Support plugin to the latest available version (at least 6.0.7).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE