Medium severity5.4NVD Advisory· Published Mar 10, 2022· Updated Jun 17, 2026
CVE-2021-33851
CVE-2021-33851
Description
A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin.
Affected products
1Patches
Vulnerability mechanics
References
1- cybersecurityworks.com/zerodays/cve-2021-33851-stored-cross-site-scripting-in-wordpress-customize-login-image.htmlnvdExploitMitigationThird Party Advisory
News mentions
0No linked articles in our index yet.