Unauthenticated Endpoint in Email Encoder WordPress Plugin Allows HTML Injection
CVE-2021-24599 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
The Email Encoder – Protect Email Addresses WordPress plugin before 2.1.2 has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escaping or sanitizing the data.
Learn more about our Wordpress Pen Testing.