Medium severity4.3NVD Advisory· Published Sep 13, 2021· Updated Jun 17, 2026
CVE-2021-24431
CVE-2021-24431
Description
The Language Bar Flags WordPress plugin through 1.0.8 does not have any CSRF in place when saving its settings and did not sanitise or escape them when generating the flag bar in the frontend. This could allow attackers to make a logged in admin change the settings, and set Cross-Site Scripting payload in them, which will be executed in the frontend for all users
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Language Bar Flagsdescription
- Range: <=1.0.8
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/ae50cec9-5f80-4221-b6a8-4593ab66c37bnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.