CVE-2021-24934

CVE-2021-24934: Visual CSS Style Editor < 7.5.4 - Reflected Cross-Site Scripting

Vendor Unknown
Product Visual CSS Style Editor
Weakness CWE-79 · XSS
Published February 1, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyp_page_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue

Key dates

02Disclosure timeline

February 1, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-3208 Sydney Toolbox <= 1.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery CVE-2026-8873 Content Slideshow <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes CVE-2025-1597 SourceCodester Best Church Management Software redirect.php cross site scripting CVE-2024-3030 Announce from the Dashboard <= 1.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2022-4771 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')