CVE-2021-34660 MEDIUM

CVE-2021-34660: WP Fusion Lite <= 3.37.18 Reflected Cross-Site Scripting

Vendor Very Good Plugins
Product WP Fusion Lite
Weakness CWE-79 · XSS
Published August 9, 2021
Last update May 23, 2025
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.37.18.

Key dates

02Disclosure timeline

August 9, 2021 CVE published
May 23, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-24255 Essential Addons for Elementor < 4.5.4 - Contributor+ Stored Cross-Site Scripting (XSS) CVE-2026-1293 Yoast SEO <= 26.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'yoast-schema' Block Attribute CVE-2023-52083 Stored XSS through privileged upload of Media Manager file followed by renaming CVE-2022-3211 Cross-site Scripting (XSS) - Stored in pimcore/pimcore CVE-2026-21788 HCL Connections is vulnerable to cross-site scripting (XSS)