Lucene search
WPScanCVELIST:CVE-2021-24686HistoryFeb 01, 2022 - 12:21 p.m.
CVE-2021-24686 SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting
2022-02-0112:21:19
WPScan
www.cve.org
1
0.001 Low
EPSS
Percentile
21.4%
The SVG Support WordPress plugin before 2.3.20 does not escape the “CSS Class to target” setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Related
patchstack
patchstack
wpvulndb
wpvulndb
SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting
2022-01-03 00:00:00
prion
prion
Cross site scripting
2022-02-01 13:15:00
wpexploit
wpexploit
SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting
2022-01-03 00:00:00
cve
cve
CVE-2021-24686
2022-02-01 13:15:08
openvas
openvas
WordPress SVG Support Plugin < 2.3.20 XSS Vulnerability
2022-02-08 00:00:00
nvd
nvd
CVE-2021-24686
2022-02-01 13:15:08
cnvd
cnvd
WordPress SVG Support plugin cross-site scripting vulnerability
2022-02-10 00:00:00