CVE-2021-24708

CVE-2021-24708: WP All Export < 1.3.1 - Admin+ Stored Cross-Site Scripting

Vendor Unknown
Product Export any WordPress data to XML/CSV
Weakness CWE-79 · XSS
Published November 8, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Key dates

02Disclosure timeline

November 8, 2021 CVE published
August 3, 2024 Record updated