XSS in Boldgrid W3 Total Cache

CVE-2021-24427

The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (62.3rd percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2021-24427?
CVE-2021-24427 is a vulnerability in Boldgrid W3 Total Cache, classified under Cross-site Scripting. Published 2021-07-12.
Is CVE-2021-24427 known to be exploited?
1 public proof-of-concept repository is indexed. It is not currently listed in the CISA KEV catalog.