MX Time Zone Clocks <= 3.4 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability

Contributor

Published
2021-08-24

The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape the time_zone attribute of the mxmtzc_time_zone_clocks shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks

CVE

https://www.cve.org/CVERecord?id=CVE-2021-24671

CVSS

Score:6.9

Severity:Medium

Version: 3.4

There is a patch available in v3.4.1 and we strongly recommend you update to this version as soon as possible.