CVE-2021-24411

CVE-2021-24411: Social Tape <= 1.0 - CSRF to Stored XSS

Vendor Unknown

Product Social Tape

Weakness CWE-79 · XSS

Published August 16, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Social Tape WordPress plugin through 1.0 does not have CSRF checks in place when saving its settings, and do not sanitise or escape them before outputting them back in the page, leading to a stored Cross-Site Scripting issue via a CSRF attack

Key dates

02Disclosure timeline

August 16, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24411

Related vulnerabilities

04Related CVE

CVE-2023-5701 vnotex vnote Markdown File cross site scripting CVE-2025-68894 WordPress ShoutOut plugin <= 4.0.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2022-39220 XSS Vulnerabilities in WebClient CVE-2025-62459 Microsoft Defender Portal Spoofing Vulnerability CVE-2024-1519 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.4 - Unauthenticated Stored Cross-Site Scripting