CVE-2021-24676

CVE-2021-24676: Better Find and Replace < 1.2.9 - Reflected Cross-Site Scripting

Vendor Unknown
Product Better Find and Replace
Weakness CWE-79 · XSS
Published October 4, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Better Find and Replace WordPress plugin before 1.2.9 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue

Key dates

02Disclosure timeline

October 4, 2021 CVE published
August 3, 2024 Record updated