CVE-2021-24574
Simple Banner < 2.10.4 - Authenticated Stored XSS
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
23 Aug 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Simple Banner WordPress plugin before 2.10.4 does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the unfiltered_html capability is disallowed.
Affected products
Unknown · Simple Banner