Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2
Critical0
High0
Medium2
Reset
Showing 1-2 of 2 records
Threat Entry Updated 2024-11-21

CVE-2021-24619 - Per Page Add To Head Plugin

The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues.

PLUGIN Per Page Add To Head

CVE-2021-24619

MEDIUM CVSS 4.8 2021-09-13
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24586 - Per Page Add To Head Plugin

The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting (feature mentioned by the plugin), this could lead to Stored XSS issue which will be triggered either in the backend, frontend or both depending on the payload used.

PLUGIN Per Page Add To Head

CVE-2021-24586

MEDIUM CVSS 4.3 2021-09-13
Open Full Technical Breakdown
Scroll to top