CVE-2021-24436: W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)
First published: Mon Jul 19 2021(Updated: )
The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Boldgrid W3 Total Cache | <2.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the W3 Total Cache WordPress plugin?
The vulnerability ID for the W3 Total Cache WordPress plugin is CVE-2021-24436.
What is the severity of CVE-2021-24436?
The severity of CVE-2021-24436 is medium (6.1).
What is the affected software for CVE-2021-24436?
The affected software for CVE-2021-24436 is the W3 Total Cache WordPress plugin version up to 2.1.4 by Boldgrid.
What is the CWE ID for CVE-2021-24436?
The CWE ID for CVE-2021-24436 is CWE-79.
How can I fix the CVE-2021-24436 vulnerability?
To fix the CVE-2021-24436 vulnerability, update the W3 Total Cache WordPress plugin to version 2.1.4 or higher.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/title
- agent/weakness
- agent/author
- agent/references
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/boldgrid
- canonical/boldgrid w3 total cache