Vulnerabilities > CVE-2021-24305 - Unspecified vulnerability in Targetfirst Watcheezy 2.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The Target First WordPress Plugin v2.0, also previously known as Watcheezy, suffers from a critical unauthenticated stored XSS vulnerability. An attacker could change the licence key value through a POST on any URL with the 'weeWzKey' parameter that will be save as the 'weeID option and is not sanitized.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |