CVE-2021-24436

MEDIUM NUCLEI

Boldgrid W3 Total Cache < 2.1.4 - XSS

Title source: rule

Description

The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.

Nuclei Templates (1)

WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting

MEDIUMVERIFIEDby theamanrawat

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/05988ebb-7378-4a3a-9d2d-30f8f58fe9ef

Scores

CVSS v3 6.1

EPSS 0.0505

EPSS Percentile 89.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

boldgrid/w3_total_cache < 2.1.4

Published Jul 19, 2021

Tracked Since Feb 18, 2026