CVE-2021-24411
MEDIUM
Social Tape < 1.0 - Stored Cross-Site Scripting via CSRF Attack
Title source: llm
Description
The Social Tape WordPress plugin through 1.0 does not have CSRF checks in place when saving its settings, and does not sanitise or escape them before outputting them back in the page, leading to a stored Cross-Site Scripting issue via a CSRF attack.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/ebe7f625-67e1-4df5-a569-20526dd57b24
Scores
CVSS v3
6.1
EPSS
0.0041
EPSS Percentile
33.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-352
CWE-79
Status
published
Products (1)
social_tape_project/social_tape
< 1.0
Published
Aug 16, 2021
Tracked Since
Feb 18, 2026