← Back

CVE-2021-24298

Published: May 24, 2021Modified: Jun 17, 2026

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS

Affected (1)

1 product
Simple Giveaways
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Before 2.36.2

References (4)

Source: contact@wpscan.com
ExploitThird Party Advisory
Source: contact@wpscan.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.