Medium severity5.4NVD Advisory· Published Nov 1, 2021· Updated Jun 17, 2026
CVE-2021-24685
CVE-2021-24685
Description
The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its settings, as well as does not sanitise and escape them, which could allow attackers to a make logged in admin change them with a Cross-Site Scripting payload (triggered either in the frontend or backend depending on the payload)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Flat Preloaderdescription
- Range: <1.5.4
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/972ecde8-3d44-4dd9-81e3-643d8737434fnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.