CVE-2021-24785

CVE-2021-24785: Great Quotes <= 1.0.0 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Great Quotes

Weakness CWE-79 · XSS

Published October 25, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Great Quotes WordPress plugin through 1.0.0 does not sanitise and escape the Quote and Author fields of its Quotes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.

Key dates

02Disclosure timeline

October 25, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24785

Related vulnerabilities

04Related CVE

CVE-2024-23821 GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS) CVE-2018-25248 MyBB Downloads Plugin 2.0.3 Persistent XSS via downloads.php CVE-2023-0829 Cross-Site Scripting (XSS) vulnerability in Plesk CVE-2023-3469 Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq CVE-2025-23576 WordPress WP Intro.JS Plugin plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability