CVE-2021-24287

MEDIUM NUCLEI

Mooveagency Select All Categories And... - XSS

Title source: rule

Description

The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue

Exploits (1)

exploitdb WORKING POC

by 0xB9 · textwebappsphp

https://www.exploit-db.com/exploits/50349

View Code ZIP pw:eip

Nuclei Templates (1)

WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site Scripting

MEDIUMVERIFIEDby r3Y3r53

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/164327/WordPress-Select-All-Categories-And-Taxonomies-1.3.1-Cross-Site-Scripting.html

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf

Scores

CVSS v3 6.1

EPSS 0.2234

EPSS Percentile 95.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

mooveagency/select_all_categories_and_taxonomies\,_change_checkbox_to_radio_buttons < 1.3.2

Published May 14, 2021

Tracked Since Feb 18, 2026