Medium severity4.8NVD Advisory· Published Aug 16, 2021· Updated Jun 17, 2026
CVE-2021-24518
CVE-2021-24518
Description
The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does not sanitise or escape its Custom CSS setting, allowing high privilege users such as admin to set XSS payload in it even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/WPFront Notification Bardescription
- Range: <2.0.0.07176
Patches
Vulnerability mechanics
References
2- packetstormsecurity.com/files/163472/nvdExploitThird Party AdvisoryVDB Entry
- wpscan.com/vulnerability/53103cdc-a4bf-40fa-aeb1-790fc7a65f0anvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.