Vulnerabilities > Plugin Planet > Prismatic
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-12 | CVE-2021-24408 | Cross-site Scripting vulnerability in Plugin-Planet Prismatic The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. | 3.5 |
| 2021-07-12 | CVE-2021-24409 | Cross-site Scripting vulnerability in Plugin-Planet Prismatic The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator | 4.3 |