CVE-2021-24124

CVE-2021-24124: WP Shieldon 1.6.3 - Unauthenticated Cross-Site Scripting (XSS)

Vendor Unknown

Product WP Shieldon

Weakness CWE-79 · XSS

Published March 18, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, leads to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown could lead to privileged escalation.

Key dates

02Disclosure timeline

March 18, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24124

Related vulnerabilities

04Related CVE

CVE-2024-9220 LH Copy Media File <= 1.08 - Reflected Cross-Site Scripting CVE-2025-50021 WordPress Better Random Redirect plugin <= 1.3.20 - Cross Site Scripting (XSS) Vulnerability CVE-2025-11727 Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration - Powered by Codisto <= 1.3.65 - Unauthenticated Stored Cross-Site Scripting CVE-2022-1776 Icegram < 2.1.8 - Contributor+ Stored Cross-Site Scripting CVE-2023-33312 WordPress Easy Captcha Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)