What the vulnerability does
01Description
The WP Config File Editor WordPress plugin through 1.7.1 was affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability.
CVE-2021-24367
CVE-2021-24367: WP Config File Editor <= 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS)
CVSS base score
—
Key dates
02Disclosure timeline
June 21, 2021
CVE published
August 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-45613 CKEditor 5 has Cross-site Scripting vulnerability in the clipboard package
CVE-2019-16780 Stored cross-site scripting (XSS) in WordPress block editor
CVE-2022-2375 WP Sticky Button < 1.4.1 - Unauthenticated Arbitrary Settings Update to Stored XSS
CVE-2025-5678 Kadence Blocks – Gutenberg Blocks for Page Builder Features <= 3.5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via `redirectURL` Parameter
CVE-2024-12393 Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003
