RentPress <= 6.6.4 – Reflected Cross-Site Scripting | CVE 2021-38323

Affects Plugins

rentpress

No known fix

References

CVE

CVE-2021-38323

URL

https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38323

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Original Researcher

p7e4

Verified

No

WPVDB ID

0261dca0-982f-488e-9093-5b64a1c73d7d

Timeline

Publicly Published

2021-09-08 (about 4 years ago)

Added

2021-09-09 (about 4 years ago)

Last Updated

2022-04-09 (about 3 years ago)

Other

Published

Title

Published

2025-11-10

Title

Paypal Donation Shortcode <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-02-05

Title

Apollo13 Framework Extensions < 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-09-05

Title

Aparat Video Shortcode <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2021-08-24

Title

Contact List < 2.9.42 - Reflected Cross-Site Scripting

Published

2014-08-01

Title

BannerMan 0.2.4 - XSS in wp-admin/options-general.php via bannerman_background parameter