CVE-2021-24543

MEDIUM

jquery-reply-to-comment < 1.31 - Cross-Site Request Forgery and Stored Cross-Site Scripting


Description

The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor does it sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue.

References (1)

Core References
Tags: Exploit, Third Party Advisory (x_refsource_misc)
https://wpscan.com/vulnerability/aa23f743-811b-4fd1-81a9-42916342e312

Scores

CVSS v3 6.1
EPSS 0.0040
EPSS Percentile 31.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-352 CWE-79
Status published
Products (1)
jquery-reply-to-comment_project/jquery-reply-to-comment < 1.31
Published Oct 25, 2021
Tracked Since Feb 18, 2026