CVE-2021-3124

MEDIUM

Custom Global Variables 1.0.5 - Stored Cross-Site Scripting via vars[0][name] Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-3124. PoCs published by Swapnil Subhash Bodekar.

AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in the WordPress Custom Global Variables plugin version 1.0.5. It outlines steps to reproduce the issue by injecting a JavaScript payload into a user input field.

Description

Stored cross-site scripting (XSS) in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars[0][name] field.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Swapnil Subhash Bodekar · textwebappsphp
https://www.exploit-db.com/exploits/49406

This is a writeup describing a stored XSS vulnerability in the WordPress Custom Global Variables plugin version 1.0.5. It outlines steps to reproduce the issue by injecting a JavaScript payload into a user input field.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: WordPress Plugin Custom Global Variables 1.0.5
Auth required
Prerequisites: WordPress 5.6 installed · Custom Global Variables plugin version 1.0.5 activated · Access to plugin settings
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 5.4
EPSS 0.0090
EPSS Percentile 55.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
newtarget/custom_global_variables 1.0.5
Published Feb 25, 2021
Tracked Since Feb 18, 2026