CVE-2021-24976

CVE-2021-24976: Smart SEO Tool < 3.0.6 - Reflected Cross-Site Scripting

Vendor Unknown

Product Smart SEO Tool – SEO优化插件

Weakness CWE-79 · XSS

Published January 24, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting

Key dates

02Disclosure timeline

January 24, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24976 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-51609 WordPress Emoji Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability CVE-2021-3904 Cross-site Scripting (XSS) - Stored in getgrav/grav CVE-2026-24476 Shaarli vulnerable to stored XSS via Suggested Tags CVE-2024-47107 IBM QRadar SIEM cross-site scripting CVE-2024-36204 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)