First published: Mon Oct 18 2021(Updated: )
The Compact WP Audio Player WordPress plugin before 1.9.7 does not escape some of its shortcodes attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Tipsandtricks-hq Compact Wp Audio Player | <1.9.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for the Compact WP Audio Player plugin is CVE-2021-24734.
CVE-2021-24734 has a severity value of 5.4 (medium).
The affected software of CVE-2021-24734 is the Compact WP Audio Player plugin before version 1.9.7.
CVE-2021-24734 is a vulnerability in the Compact WP Audio Player plugin that allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
To fix CVE-2021-24734, update the Compact WP Audio Player plugin to version 1.9.7 or later.