CVE-2021-24699

CVE-2021-24699: Easy Media Download < 1.1.7 - Contributor+ Stored Cross-Site Scripting

Vendor Unknown
Product Easy Media Download
Weakness CWE-79 · XSS
Published October 25, 2021
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Easy Media Download WordPress plugin before 1.1.7 does not escape the text argument of its shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.

Key dates

02Disclosure timeline

October 25, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-11801 AudioTube <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-43812 CVE-2024-4866 UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets CVE-2026-4914 CVE-2024-9071 Easy Demo Importer – A Modern One-Click Demo Import Solution <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload