Medium severity5.4NVD Advisory· Published Jun 14, 2021· Updated Jun 17, 2026
CVE-2021-24382
CVE-2021-24382
Description
The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesser privileged users to access the plugin's functionality, in which case, privilege escalation could be performed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <3.5.0.9
- Range: <3.5.0.9
- Nextend/Smart Slider 3v5Range: 3.5.0.9
Patches
Vulnerability mechanics
References
2- smartslider.helpscoutdocs.com/article/1746-changelognvdPatchVendor Advisory
- wpscan.com/vulnerability/7b32a282-e51f-4ee5-b59f-5ba10e62a54dnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.