CVE-2021-24932

CVE-2021-24932: Auto Featured Image < 3.9.3 - Reflected Cross-Site Scripting

Vendor Unknown
Product Auto Featured Image (Auto Post Thumbnail)
Weakness CWE-79 · XSS
Published December 13, 2021
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue.

Key dates

02Disclosure timeline

December 13, 2021 CVE published
August 3, 2024 Record updated