WP Dialog <= 1.2.5.5 – Authenticated Stored Cross-Site Scripting | CVE 2021-24600 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

Put the following payload in the Welcome message (st_content parameter) of the plugin:

</script><img src onerror=alert(/XSS/)> to trigger the XSS in any frontend page
</textarea><img src onerror=alert(/XSS/)> to trigger the XSS in the plugin's settings

https://github.com/liaojia-99/my-creat-cve/blob/main/1.md

Affects Plugins

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

liaojia@webray.com.cn inc

Submitter

liaojia@webray.com.cn inc

Verified

Yes

WPVDB ID

413b3a2e-1c05-45ec-b00f-1c137a1ae33e

Timeline

Publicly Published

2021-07-31 (about 4 years ago)

Added

2021-08-19 (about 4 years ago)

Last Updated

2022-03-07 (about 3 years ago)

Other

Published

Title

Published

2025-10-10

Title

Stock History & Reports Manager for WooCommerce < 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2026-01-23

Title

Postalicious <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

Published

2025-04-01

Title

Team Members for Elementor Page Builder <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2021-09-20

Title

WP Cookie Choice <= 1.1.0 - CSRF to Stored Cross-Site Scripting

Published

2023-01-03

Title

Blockonomics < 3.5.8 - Reflected Cross-Site Scripting