CVE-2021-24431

CVE-2021-24431: Language Bar Flags <= 1.0.8 - CSRF to Stored XSS

Vendor Unknown
Product Language Bar Flags
Weakness CWE-79 · XSS
Published September 13, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Language Bar Flags WordPress plugin through 1.0.8 does not have any CSRF in place when saving its settings and did not sanitise or escape them when generating the flag bar in the frontend. This could allow attackers to make a logged in admin change the settings, and set Cross-Site Scripting payload in them, which will be executed in the frontend for all users

Key dates

02Disclosure timeline

September 13, 2021 CVE published
August 3, 2024 Record updated