CVE-2021-24581

CVE-2021-24581: Blue Admin <= 21.06.01 - CSRF to Stored Cross-Site Scripting (XSS)

Vendor Unknown
Product Blue Admin
Weakness CWE-352 · CSRF
Published August 30, 2021
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack.

Key dates

02Disclosure timeline

August 30, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-54397 WordPress Go Animate plugin <= 1.0 - CSRF to Stored XSS vulnerability CVE-2025-13606 Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure CVE-2025-62797 CSRF in FluxCP account endpoints allows account takeover / state-changing actions CVE-2025-32576 WordPress WP shop plugin <= 2.6.1 - CSRF to Arbitrary File Upload vulnerability CVE-2020-3114 Cisco Data Center Network Manager Cross-Site Request Forgery Vulnerability