CVE-2021-24607

CVE-2021-24607: Storefront Footer Text <= 1.0.1 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Storefront Footer Text

Weakness CWE-79 · XSS

Published November 8, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Storefront Footer Text WordPress plugin through 1.0.1 does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed.

Key dates

02Disclosure timeline

November 8, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24607 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2022-44470 AEM Reflected XSS Arbitrary code execution CVE-2023-4718 Font Awesome 4 Menus <= 4.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-3021 Cross-site Scripting (XSS) - Stored in mkucej/i-librarian-free CVE-2024-51575 WordPress Extender All In One For Elementor plugin <= 1.0.3 - Stored Cross Site Scripting (XSS) vulnerability CVE-2024-53766 WordPress Devnex Addons For Elementor plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability