VYPR
Unrated severity · NVD Advisory · Published Jan 24, 2022 · Updated Aug 3, 2024

WP Extra File Types < 0.5.1 - CSRF to Stored Cross-Site Scripting

CVE-2021-24936

Description

The WP Extra File Types WordPress plugin before 0.5.1 does not have a CSRF check when saving its settings, nor does it sanitise and escape some of them, which could allow attackers to make a logged-in admin change them and perform Cross-Site Scripting attacks.
