CVE-2021-24599

CVE-2021-24599: Email Encoder < 2.1.2 - Reflected Cross Site Scripting

Vendor Unknown

Product Email Encoder – Protect Email Addresses

Weakness CWE-79 · XSS

Published September 6, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Email Encoder – Protect Email Addresses WordPress plugin before 2.1.2 has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escaping or sanitizing the data.

Key dates

02Disclosure timeline

September 6, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24599 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-1103 CodeAstro Real Estate Management System Feedback Form profile.php cross site scripting CVE-2025-13245 code-projects Student Information System editprofile.php cross site scripting CVE-2025-5723 SourceCodester Student Result Management System Classes Page classes cross site scripting CVE-2026-4616 bolo-blog Article Title article cross site scripting CVE-2024-56036 WordPress odPhotogallery plugin <= 0.5.3 - Reflected Cross Site Scripting (XSS) vulnerability