CVE-2021-24452

CVE-2021-24452: W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)

Vendor Boldgrid

Product W3 Total Cache

Weakness CWE-79 · XSS

Published July 19, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.

Key dates

02Disclosure timeline

July 19, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24452

Related vulnerabilities

04Related CVE

CVE-2026-32840 Edimax GS-5008PL <= 1.00.54 Stored XSS via Device Name CVE-2023-3058 07FLY CRM User Profile cross site scripting CVE-2023-5110 BSK PDF Manager <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2025-8146 Qi Addons for Elementor <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TypeOut Text Widget CVE-2021-24299 ReDi Restaurant Reservations < 21.0426 - Unauthenticated Stored Cross-Site Scripting (XSS)