High severity8.8NVD Advisory· Published Aug 30, 2021· Updated Jun 17, 2026
CVE-2021-24581
CVE-2021-24581
Description
The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=21.06.01+ 1 more
- (no CPE)range: <=21.06.01
- (no CPE)range: <=21.06.01
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/75abd073-b45f-4fe6-8501-7a6d0163f78dnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.