CVE-2021-24427: W3 Total Cache < 2.1.3 - Authenticated Stored XSS
First published: Mon Jul 12 2021(Updated: )
The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Boldgrid W3 Total Cache | <2.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the W3 Total Cache WordPress plugin?
The vulnerability ID for the W3 Total Cache WordPress plugin is CVE-2021-24427.
What is the severity of CVE-2021-24427?
The severity of CVE-2021-24427 is medium with a severity value of 4.8.
What is the affected software for CVE-2021-24427?
The affected software for CVE-2021-24427 is Boldgrid W3 Total Cache version up to exclusive 2.1.3.
What is the CWE classification for CVE-2021-24427?
The CWE classification for CVE-2021-24427 is CWE-79.
How can I fix the vulnerability in the W3 Total Cache WordPress plugin?
To fix the vulnerability in the W3 Total Cache WordPress plugin, update to version 2.1.3 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/title
- agent/weakness
- agent/author
- agent/references
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/boldgrid
- canonical/boldgrid w3 total cache