CVE-2021-24464

CVE-2021-24464: YouTube Embed, Playlist and Popup < 2.3.9 - Contributor+ Stored XSS

Vendor Unknown

Product YouTube Embed, Playlist and Popup by WpDevArt

Weakness CWE-79 · XSS

Published August 2, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin before 2.3.9 did not escape, validate or sanitise some of its shortcode options, available to users with a role as low as Contributor, leading to an authenticated Stored Cross-Site Scripting issue.

Key dates

02Disclosure timeline

August 2, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24464 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-14275 Jeg Elementor Kit <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget CVE-2024-56241 WordPress WPKoi Templates for Elementor plugin <= 3.1.3 - Cross Site Scripting (XSS) vulnerability CVE-2023-22932 Persistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise CVE-2025-9681 O2OA Personal Profile agent cross site scripting CVE-2022-0954 Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in microweber/microweber