CVE-2021-24424

CVE-2021-24424: WP Reset < 1.90 - Authenticated Stored XSS

Vendor Unknown
Product WP Reset – Most Advanced WordPress Reset Tool
Weakness CWE-79 · XSS
Published July 12, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The WP Reset – Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue

Key dates

02Disclosure timeline

July 12, 2021 CVE published
August 3, 2024 Record updated