CVE-2021-24245

CVE-2021-24245: Stop Spammers < 2021.9 - Reflected Cross-Site Scripting (XSS)

Vendor Trumani
Product Stop Spammers
Weakness CWE-79 · XSS
Published May 5, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue.

Key dates

02Disclosure timeline

May 5, 2021 CVE published
August 3, 2024 Record updated