Custom Website Data <= 2.2 – Reflected Cross-Site Scripting | CVE 2021-38347

Affects Plugins

simple-custom-website-data

No known fix

References

CVE

CVE-2021-38347

URL

https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38347

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Original Researcher

p7e4

Verified

No

WPVDB ID

15d818bd-79a4-4659-a51b-436b830c841a

Timeline

Publicly Published

2021-09-09 (about 4 years ago)

Added

2021-09-10 (about 4 years ago)

Last Updated

2022-04-26 (about 4 years ago)

Other

Published

Title

Published

2023-10-25

Title

Fathom Analytics < 3.1.0 - Admin+ Stored XSS

Published

2025-01-16

Title

Easy Code Placement <= 18.11 - Reflected Cross-Site Scripting

Published

2023-07-16

Title

CartFlows Pro < 1.11.12 - Reflected Cross-Site Scripting

Published

2014-08-01

Title

Repagent - dewplayer-vinyl-en.swf xml Parameter XML File H&ling XSS

Published

2023-01-12

Title

Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 3.12.7 - Contributor+ Stored XSS via Shortcode