Medium severity4.8NVD Advisory· Published Aug 23, 2021· Updated Jun 17, 2026
CVE-2021-24574
CVE-2021-24574
Description
The Simple Banner WordPress plugin before 2.10.4 does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the unfiltered_html capability is disallowed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Simple Bannerdescription
Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/changeset/2571047/nvdPatchThird Party Advisory
- wpscan.com/vulnerability/9adf7022-5108-43b7-bf0e-a42593185b74nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.