CVE-2021-24135

CVE-2021-24135: WP Customer Reviews < 3.4.3 - Multiple Unauthenticated and Low Priv Authenticated Stored XSS

Vendor Unknown

Product WP Customer Reviews

Weakness CWE-79 · XSS

Published March 18, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attackers to inject arbitrary JavaScript code or HTML.

Key dates

02Disclosure timeline

March 18, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24135

Related vulnerabilities

04Related CVE

CVE-2019-25397 IPFire 2.21 Core Update 127 Cross-Site Scripting via hosts.cgi CVE-2022-2843 MotoPress Timetable and Event Schedule Quick Edit admin-ajax.php cross site scripting CVE-2022-2885 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm CVE-2024-35711 WordPress Event theme <= 1.2.2 - Cross Site Scripting (XSS) vulnerability CVE-2022-47598 WordPress WP Super Popup Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)