CVE-2021-24434

CVE-2021-24434: Glass <= 1.3.2 - CSRF to Stored Cross-Site Scripting (XSS)

Vendor Unknown
Product Glass
Weakness CWE-79 · XSS
Published July 12, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack.

Key dates

02Disclosure timeline

July 12, 2021 CVE published
August 3, 2024 Record updated