CVE-2021-24297

Goto < 2.1 - Reflected Cross-Site Scripting (XSS)

EPSS 0.8% · CWE-79
Vexday Risk Score: 3 (Low)
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS · EPSS 0.8% · KEV: no · PoC · Nuclei · Metasploit · Patch
Lifecycle
24 May 2021: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Goto WordPress theme before 2.1 did not properly sanitize the formvalue JSON POST parameter in its tl_filter AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.
Affected products
Unknown · Goto