CVE-2021-24436

CVE-2021-24436: W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)

Vendor Boldgrid
Product W3 Total Cache
Weakness CWE-79 · XSS
Published July 19, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.

Key dates

02Disclosure timeline

July 19, 2021 CVE published
August 3, 2024 Record updated