Vulnerabilities > Plugin Planet > Prismatic > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-12 | CVE-2021-24408 | Unspecified vulnerability in Plugin-Planet Prismatic The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. | 5.4 |
| 2021-07-12 | CVE-2021-24409 | Unspecified vulnerability in Plugin-Planet Prismatic The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator | 6.1 |