Lucene search
WPScanCVELIST:CVE-2021-24686HistoryFeb 01, 2022 - 12:21 p.m.
CVE-2021-24686 SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting
2022-02-0112:21:19
WPScan
www.cve.org
4
wordpress
cross-site scripting
cve-2021-24686
EPSS
0.001
Percentile
21.4%
The SVG Support WordPress plugin before 2.3.20 does not escape the “CSS Class to target” setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Related
prion
prion
Cross site scripting
2022-02-01 13:15:00
wpvulndb
wpvulndb
SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting
2022-01-03 00:00:00
wpexploit
wpexploit
SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting
2022-01-03 00:00:00
openvas
openvas
WordPress SVG Support Plugin < 2.3.20 XSS Vulnerability
2022-02-08 00:00:00
cve
cve
CVE-2021-24686
2022-02-01 13:15:08
patchstack
patchstack
nvd
nvd
CVE-2021-24686
2022-02-01 13:15:08
cnvd
cnvd
WordPress SVG Support plugin cross-site scripting vulnerability
2022-02-10 00:00:00