Medium severity6.1NVD Advisory· Published May 24, 2021· Updated Jun 17, 2026
CVE-2021-24294
CVE-2021-24294
Description
The dsgvoaio_write_log AJAX action of the DSGVO All in one for WP WordPress plugin before 4.0 did not sanitise or escape some POST parameter submitted before outputting them in the Log page in the administrator dashboard (wp-admin/admin.php?page=dsgvoaiofree-show-log). This could allow unauthenticated attackers to gain unauthorised access by using an XSS payload to create a rogue administrator account, which will be trigged when an administrator will view the logs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<4.0+ 1 more
- (no CPE)range: <4.0
- (no CPE)range: <4.0
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/43b8cfb4-f875-432b-8e3b-52653fdee87cnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.