CVE-2021-33851 - AskarLabs CVE Database

CVE-2021-33851

Vendor N/A

Product WordPress Customize Login Image Plugin

Weakness CWE-79 · XSS

Published March 9, 2022

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin.

Key dates

02Disclosure timeline

March 9, 2022 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-33851

Related vulnerabilities

04Related CVE

CVE-2024-8563 SourceCodester PHP CRUD update.php cross site scripting CVE-2025-0538 code-projects Tourism Management System manage-pages.php cross site scripting CVE-2025-11134 Cudy TR1200 Wireless Settings config cross site scripting CVE-2025-7655 Live Stream Badger <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-1065 Visualizer: Tables and Charts Manager for WordPress <= 3.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Import Data From File