What the vulnerability does
01Description
The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
CVE-2021-24979
CVE-2021-24979: Paid Memberships Pro < 2.6.6 - Reflected Cross-Site Scripting
CVSS base score
—
Key dates
02Disclosure timeline
December 27, 2021
CVE published
August 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2022-0282 Cross-site Scripting in microweber/microweber
CVE-2025-30763 WordPress EO4WP plugin <= 1.0.8.4 - Cross Site Scripting (XSS) Vulnerability
CVE-2024-9242 Memberful – Membership Plugin <= 1.73.7 - Authenticated (contributor+) Stored Cross-Site Scripting
CVE-2023-3890 Campcodes Beauty Salon Management System edit-accepted-appointment.php cross site scripting
CVE-2022-1568 Team Members < 5.1.1 - Admin+ Stored Cross-Site Scripting
