CVE-2021-24574

CVE-2021-24574: Simple Banner < 2.10.4 - Authenticated Stored XSS

Vendor Unknown
Product Simple Banner
Weakness CWE-79 · XSS
Published August 23, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Simple Banner WordPress plugin before 2.10.4 does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the unfiltered_html capability is disallowed.

Key dates

02Disclosure timeline

August 23, 2021 CVE published
August 3, 2024 Record updated