What the vulnerability does
01Description
The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and escape some of its settings while outputting them in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue.
CVE-2021-24587
CVE-2021-24587: Splash Header < 1.20.8 - Authenticated Stored Cross-Site Scripting (XSS)
CVSS base score
—
Key dates
02Disclosure timeline
September 20, 2021
CVE published
August 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-30918 facileManager Affected by Reflected Cross-Site Scripting (XSS)
CVE-2024-0689 Custom Field Suite <= 2.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2023-38061
CVE-2024-7285 SourceCodester Establishment Billing Management System cross site scripting
CVE-2025-59840 Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable
