CVE-2021-24982

CVE-2021-24982: Child Theme Generator <= 2.2.7 - Reflected Cross-Site Scripting

Vendor Unknown

Product Child Theme Generator

Weakness CWE-79 · XSS

Published March 14, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Child Theme Generator WordPress plugin through 2.2.7 does not sanitise escape the parade parameter before outputting it back, leading to a Reflected Cross-Site Scripting in the admin dashboard

Key dates

02Disclosure timeline

March 14, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24982 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-67918 WordPress Woffice theme <= 5.4.30 - Cross Site Scripting (XSS) vulnerability CVE-2024-4783 jQuery T(-) Countdown Widget <= 2.3.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via tminus Shortcode CVE-2023-1316 Cross-site Scripting (XSS) - Stored in osticket/osticket CVE-2026-26266 AliasVault affected by Cross-Site Scripting (XSS) via Email HTML Rendering CVE-2024-30214 Cross-Site Scripting (XSS) vulnerability in SAP Business Connector