CVE-2021-24350

CVE-2021-24350: Visitors <= 0.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

Vendor Unknown

Product Visitors

Weakness CWE-79 · XSS

Published June 14, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel.

Key dates

02Disclosure timeline

June 14, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24350

Related vulnerabilities

04Related CVE

CVE-2023-2031 Locatoraid Store Locator <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-51948 Stored XSS vulnerability in Rest Services under Job ID CVE-2022-4928 icplayer presenter.js AddonText_Selection_create cross site scripting CVE-2024-11881 Easy Waveform Player <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-58821 WordPress WP Notification Bell plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability