Lucene search
WPScanCVELIST:CVE-2021-24452HistoryJul 19, 2021 - 10:53 a.m.
CVE-2021-24452 W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)
2021-07-1910:53:17
CWE-79
WPScan
www.cve.org
4
cve-2021-24452
w3 total cache
reflected xss
wordpress plugin
extensions page
js context
cross-site scripting
anonymously track usage
admin
malicious javascript
site compromise
EPSS
0.001
Percentile
43.5%
The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the “extension” parameter in the Extensions dashboard, when the ‘Anonymously track usage to improve product quality’ setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user’s web browser, which could lead to full site compromise.
CNA Affected
[
{
"product": "W3 Total Cache",
"vendor": "BoldGrid",
"versions": [
{
"lessThan": "2.1.5",
"status": "affected",
"version": "2.1.5",
"versionType": "custom"
}
]
}
]Related
nuclei
nuclei
WordPress W3 Total Cache <2.1.5 - Cross-Site Scripting
2023-03-18 22:07:09
nvd
nvd
CVE-2021-24452
2021-07-19 11:15:08
prion
prion
Cross site scripting
2021-07-19 11:15:00
wpvulndb
wpvulndb
W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)
2021-06-28 00:00:00
openvas
openvas
WordPress W3 Total Cache Plugin < 2.1.5 XSS Vulnerability
2022-06-23 00:00:00
patchstack
patchstack
wpexploit
wpexploit
W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)
2021-06-28 00:00:00
cve
cve
CVE-2021-24452
2021-07-19 11:15:08