CVE-2021-24681

CVE-2021-24681: Duplicate Page <= 4.4.2 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Duplicate Page

Weakness CWE-79 · XSS

Published October 11, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or escape the Duplicate Post Suffix settings before outputting it, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Key dates

02Disclosure timeline

October 11, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24681

Related vulnerabilities

04Related CVE

CVE-2024-47327 WordPress GEO my WP plugin <= 4.5.0.3 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-26006 CVE-2024-12493 Files Download Delay <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-32652 PiiGAB M-Bus Cross-site Scripting CVE-2023-25461 WordPress Wp-Insert Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)