CVE-2021-24855

CVE-2021-24855: Display Post Metadata < 1.5.0 - Contributor+ Stored Cross-Site Scripting

Vendor Unknown
Product Display Post Metadata
Weakness CWE-79 · XSS
Published December 13, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Display Post Metadata WordPress plugin before 1.5.0 adds a shortcode to print out custom fields, however their content is not sanitised or escaped which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks

Key dates

02Disclosure timeline

December 13, 2021 CVE published
August 3, 2024 Record updated