The Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.4.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
Metrics
Affected Vendors & Products
References
History
Fri, 14 Feb 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: Wordfence
Published: 2021-10-15T12:15:15.115Z
Updated: 2025-02-14T18:10:57.252Z
Reserved: 2021-08-20T00:00:00.000Z
Link: CVE-2021-39332

Updated: 2024-08-04T02:06:41.542Z

Status : Modified
Published: 2021-10-15T13:15:07.600
Modified: 2024-11-21T06:19:15.317
Link: CVE-2021-39332

No data.