← back
CVE-2021-24574

Simple Banner < 2.10.4 - Authenticated Stored XSS

EPSS 0.7%CWE-79
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
23 Aug 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Simple Banner WordPress plugin before 2.10.4 does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the unfiltered_html capability is disallowed.
Affected products
Unknown · Simple Banner