CVE-2021-24277

CVE-2021-24277: RSS for Yandex Turbo < 1.30 - Authenticated Stored Cross-Site Scripting (XSS)

Vendor Flector
Product RSS for Yandex Turbo
Weakness CWE-79 · XSS
Published May 14, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The RSS for Yandex Turbo WordPress plugin before 1.30 did not properly sanitise the user inputs from its Счетчики settings tab before outputting them back in the page, leading to authenticated stored Cross-Site Scripting issues

Key dates

02Disclosure timeline

May 14, 2021 CVE published
August 3, 2024 Record updated