Lucene search
PRIOn knowledge basePRION:CVE-2021-24686HistoryFeb 01, 2022 - 1:15 p.m.
Cross site scripting
2022-02-0113:15:00
PRIOn knowledge base
www.prio-n.com
0.001 Low
EPSS
Percentile
21.4%
The SVG Support WordPress plugin before 2.3.20 does not escape the “CSS Class to target” setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
| CPE | Name | Operator | Version |
|---|---|---|---|
| svg_support | lt | 2.3.20 |
Related
nvd
nvd
CVE-2021-24686
2022-02-01 13:15:08
wpvulndb
wpvulndb
SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting
2022-01-03 00:00:00
wpexploit
wpexploit
SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting
2022-01-03 00:00:00
patchstack
patchstack
cvelist
cvelist
CVE-2021-24686 SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting
2022-02-01 12:21:19
cnvd
cnvd
WordPress SVG Support plugin cross-site scripting vulnerability
2022-02-10 00:00:00
cve
cve
CVE-2021-24686
2022-02-01 13:15:08
openvas
openvas
WordPress SVG Support Plugin < 2.3.20 XSS Vulnerability
2022-02-08 00:00:00