CVE-2021-24372

CVE-2021-24372: WP Hardening < 1.2.2 - Reflected XSS via URI

Vendor Unknown
Product WP Hardening – Fix Your WordPress Security
Weakness CWE-79 · XSS
Published June 21, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.

Key dates

02Disclosure timeline

June 21, 2021 CVE published
August 3, 2024 Record updated