CVE-2021-24530

CVE-2021-24530: Alojapro Widget <= 1.1.15 - Authenticated Stored Cross-Site Scripting (XSS)

Vendor Unknown

Product Alojapro Widget

Weakness CWE-79 · XSS

Published September 20, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Key dates

02Disclosure timeline

September 20, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24530

Related vulnerabilities

04Related CVE

CVE-2024-3791 Cross-site Scripting vulnerability in WBSAirback CVE-2025-4172 VerticalResponse Newsletter Widget <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-40978 Multiple vulnerabilities in WorkDo products CVE-2024-47389 WordPress NEX-Forms plugin <= 8.7.3 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-0501 SourceCodester House Rental Management System Manage Invoice Details cross site scripting