CVE-2021-24936

CVE-2021-24936: WP Extra File Types < 0.5.1 - CSRF to Stored Cross-Site Scripting

Vendor: Unknown
Product: WP Extra File Types
Weakness: CWE-352 (CSRF)
Published: January 24, 2022
Last update: August 3, 2024

What the vulnerability does

01 Description

The WP Extra File Types WordPress plugin before 0.5.1 does not have a CSRF check when saving its settings, nor does it sanitise and escape some of them, which could allow attackers to make a logged-in admin change them and perform Cross-Site Scripting attacks.

Key dates

02 Disclosure timeline

January 24, 2022: CVE published
August 3, 2024: Record updated