CVE-2021-24994

CVE-2021-24994: WPvivid Backup and Migration Plugin < 0.9.69 - Unauthenticated Stored Cross-Site Scripting

Vendor Unknown

Product Migration, Backup, Staging – WPvivid Backup and Migration Plugin

Weakness CWE-79 · XSS

Published February 28, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well as escape a parameter from such unauthenticated requests before outputting it in admin page, leading to a Stored Cross-Site Scripting issue

Key dates

02Disclosure timeline

February 28, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24994

Related vulnerabilities

04Related CVE

CVE-2026-6619 langgenius dify ImagePreview image-preview.tsx openInNewTab cross site scripting CVE-2024-54305 WordPress J&T Express Malaysia plugin <= 2.0.13 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2020-5398 RFD Attack via "Content-Disposition" Header Sourced from Request Input by Spring MVC or Spring WebFlux Application CVE-2025-22546 WordPress jQuery TwentyTwenty plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability CVE-2024-30555 WordPress Ultimate Social Comments plugin <= 1.4.8 - Cross Site Scripting (XSS) vulnerability