CVE-2021-24436

Published: Jul 19, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to reflected Cross-Site Scripting (XSS) via the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. An attacker who can convince an authenticated admin to click a link could run malicious JavaScript within that user's web browser, which could lead to full site compromise.

Vendor: BoldGrid

Product: W3 Total Cache

Versions: affected, 2.1.4 - < 2.1.4

Weaknesses (CWE)
