CVE-2021-24768

CVE-2021-24768: WP RSS Aggregator < 4.19.2 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and More

Weakness CWE-79 · XSS

Published November 29, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues.

Key dates

02Disclosure timeline

November 29, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24768 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2021-24768: WP RSS Aggregator < 4.19.2 - Admin+ Stored Cross-Site Scripting

01Description

02Disclosure timeline

03References

04Related CVE