CVE-2021-24807

MEDIUM

Support Board WP <3.3.5 - XSS

Title source: llm

Description

The Support Board WordPress plugin before 3.3.5 allows authenticated (Agent+) users to perform Cross-Site Scripting attacks by placing a payload in the notes field. When an administrator or any authenticated user goes to the chat, the XSS is executed automatically.

Exploits (2)

nomisec WRITEUP 1 star
by dldygnl · poc
https://github.com/dldygnl/CVE-2021-24807
inthewild WRITEUP
poc
https://github.com/itsjeffersonli/cve-2021-24807

Scores

CVSS v3 5.4
EPSS 0.0704
EPSS Percentile 91.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
schiocco/support_board < 3.3.5
Published Nov 08, 2021
Tracked Since Feb 18, 2026