Lucene search
RenniepakWPEX-ID:3E855E09-056F-45B5-89A9-D644B7D8C9D0HistoryJun 28, 2021 - 12:00 a.m.
W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)
2021-06-2800:00:00
renniepak
190
w3 total cache
reflected xss
extensions page
anonymously track usage
security exploit
EPSS
0.001
Percentile
43.5%
The plugin was affected by a reflected Cross-Site Scripting (XSS) issue within the “extension” parameter in the Extensions dashboard, when the ‘Anonymously track usage to improve product quality’ setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user’s web browser, which could lead to full site compromise.
With the 'Anonymously track usage to improve product quality' settings (in the plugin General Settings) turned on, open the URL below
https://example.com/wp-admin/admin.php?page=w3tc_extensions&extension=%27-alert%28document.domain%29-%27Related
nuclei
nuclei
WordPress W3 Total Cache <2.1.5 - Cross-Site Scripting
2023-03-18 22:07:09
nvd
nvd
CVE-2021-24452
2021-07-19 11:15:08
prion
prion
Cross site scripting
2021-07-19 11:15:00
wpvulndb
wpvulndb
W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)
2021-06-28 00:00:00
openvas
openvas
WordPress W3 Total Cache Plugin < 2.1.5 XSS Vulnerability
2022-06-23 00:00:00
patchstack
patchstack
cvelist
cvelist
cve
cve
CVE-2021-24452
2021-07-19 11:15:08