CVE-2021-24714: XSS
First published: Mon Dec 06 2021(Updated: )
The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfiltered_html capability is disallowed.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Soflyy Wp All Import | <3.6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-24714?
CVE-2021-24714 is a vulnerability in the Import any XML or CSV File to WordPress plugin before version 3.6.3 that allows high privilege users to perform Cross-Site attacks.
How does CVE-2021-24714 impact WordPress?
CVE-2021-24714 affects the Import any XML or CSV File to WordPress plugin, potentially allowing high privilege users to perform Cross-Site attacks.
What is the severity of CVE-2021-24714?
CVE-2021-24714 has a severity rating of medium with a CVSS score of 4.8.
Which version of the Import any XML or CSV File to WordPress plugin is affected?
Versions of the Import any XML or CSV File to WordPress plugin up to but exclusive of 3.6.3 are affected by CVE-2021-24714.
How can I fix CVE-2021-24714?
To fix CVE-2021-24714, update the Import any XML or CSV File to WordPress plugin to version 3.6.3 or later.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/tags
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/soflyy
- canonical/soflyy wp all import