CVE-2021-24436 Information

Description

The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to reflected Cross-Site Scripting (XSS) via the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. An attacker who can persuade an authenticated admin to click a link could run malicious JavaScript in that user's web browser, which could lead to full site compromise.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://wpscan.com/vulnerability/05988ebb-7378-4a3a-9d2d-30f8f58fe9ef

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

6.1

Base Severity

MEDIUM
