CVE-2021-24558

CVE-2021-24558: Project Status <= 1.6 - Reflected Cross-Site Scripting (XSS)

Vendor Unknown

Product Project Status

Weakness CWE-79 · XSS

Published August 23, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The pspin_duplicate_post_save_as_new_post function of the Project Status WordPress plugin through 1.6 does not sanitise, validate or escape the post GET parameter passed to it before outputting it in an error message when the related post does not exist, leading to a reflected XSS issue

Key dates

02Disclosure timeline

August 23, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24558 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-69003 WordPress KenthaRadio theme <= 2.2.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-32802 WordPress WooCommerce Pre-Orders Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS) CVE-2023-36806 Contao cross site scripting vulnerability via input unit widget CVE-2025-48263 WordPress MultiVendorX plugin <= 4.2.22 - Cross Site Scripting (XSS) Vulnerability CVE-2018-0145