CVE-2021-24871

CVE-2021-24871: Get Custom Field Values < 4.0.1 - Contributor+ Stored Cross-Site Scripting

Vendor Unknown
Product Get Custom Field Values
Weakness CWE-79 · XSS
Published December 13, 2021
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks

Key dates

02Disclosure timeline

December 13, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-41656 Sentry vulnerable to stored Cross-Site Scripting (XSS) CVE-2025-2127 JoomlaUX JUX Real Estate realties cross site scripting CVE-2024-8276 WPZOOM Portfolio Lite – Filterable Portfolio Plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute CVE-2023-2558 WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2026-32532 WordPress Contact Form & Lead Form Elementor Builder plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability