Lucene search
Shivam RaiWPEX-ID:38018695-901D-48D9-B39A-7C00DF7F0A4BHistoryJan 03, 2022 - 12:00 a.m.
SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting
2022-01-0300:00:00
Shivam Rai
217
0.001 Low
EPSS
Percentile
21.4%
The plugin does not escape the “CSS Class to target” setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
With the Advanced Mode enabled, put the following payload in the "CSS Class to target" setting: "><script>alert(/XSS/)</script>Related
nvd
nvd
CVE-2021-24686
2022-02-01 13:15:08
wpvulndb
wpvulndb
SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting
2022-01-03 00:00:00
prion
prion
Cross site scripting
2022-02-01 13:15:00
patchstack
patchstack
cvelist
cvelist
CVE-2021-24686 SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting
2022-02-01 12:21:19
cnvd
cnvd
WordPress SVG Support plugin cross-site scripting vulnerability
2022-02-10 00:00:00
cve
cve
CVE-2021-24686
2022-02-01 13:15:08
openvas
openvas
WordPress SVG Support Plugin < 2.3.20 XSS Vulnerability
2022-02-08 00:00:00