CVE-2021-24600

CVE-2021-24600: WP Dialog <= 1.2.5.5 - Authenticated Stored Cross-Site Scripting

Vendor Unknown

Product WP Dialog

Weakness CWE-79 · XSS

Published September 20, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Key dates

02Disclosure timeline

September 20, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24600 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-11770 Post Carousel & Slider <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-55651 i-Educar Stored Cross-Site Scripting vulnerability CVE-2023-50879 WordPress WordPress.com Editing Toolkit Plugin <= 3.78784 is vulnerable to Cross Site Scripting (XSS) CVE-2026-39935 XSS-via-i18n in localised wiki names CVE-2026-5070 Vantage <= 1.20.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Block Text Content