CVE-2021-24973

CVE-2021-24973: Site Reviews < 5.17.3 - Unauthenticated Stored Cross-Site Scripting

Vendor Unknown
Product Site Reviews
Weakness CWE-79 · XSS
Published January 3, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action (available to unauthenticated and any authenticated users), allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard of the plugin

Key dates

02Disclosure timeline

January 3, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE