vulnerability

WordPress Plugin: youforms-free-for-copecart: CVE-2021-24596: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:N/AC:M/Au:S/C:N/I:P/A:N)	Jul 30, 2021	May 15, 2025	May 15, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Published

Jul 30, 2021

Added

May 15, 2025

Modified

May 15, 2025

Description

The youForms for WordPress plugin through 1.0.5 does not sanitise escape the Button Text field of its Templates, allowing high privilege users (editors and admins) to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Solution

youforms-free-for-copecart-plugin-cve-2021-24596

References

URL-https://www.cve.org/CVERecord?id=CVE-2021-24596
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/c1d67b80-67b7-4194-ab90-e9f8cea1ac33?source=api-prod
CVE-2021-24596
https://attackerkb.com/topics/CVE-2021-24596

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today