CVE-2021-24296

CVE-2021-24296: WP Customer Reviews < 3.5.6 - Authenticated Stored Cross-Site Scripting (XSS)

Vendor Go Web Solutions
Product WP Customer Reviews
Weakness CWE-79 · XSS
Published May 24, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabled

Key dates

02Disclosure timeline

May 24, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE