2 matches found
CVE-2021-24436 W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)
The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting XSS security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince ...
CVE-2021-24436
The CVE-2021-24436 entry concerns the WordPress W3 Total Cache plugin prior to version 2.1.4. A reflected XSS vulnerability exists in the extension parameter of the Extensions dashboard, where the value is output inside an attribute without proper escaping. This can allow an attacker to persuade ...