High severity8.8NVD Advisory· Published Oct 25, 2021· Updated Jun 17, 2026
CVE-2021-24487
CVE-2021-24487
Description
The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping before outputting it the page. This could allow attacker to make logged in administrators set a malicious payload in it, leading to a Stored Cross-Site Scripting issue
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/St-Daily-Tipdescription
- Range: <=4.7
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/def352f8-1bbe-4263-ad1a-1486140269f4nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.