{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T13:28:04.867","vulnerabilities":[{"cve":{"id":"CVE-2021-24452","sourceIdentifier":"contact@wpscan.com","published":"2021-07-19T11:15:08.627","lastModified":"2024-11-21T05:53:06.010","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the \"extension\" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise."},{"lang":"es","value":"El plugin W3 Total Cache WordPress versiones anteriores a 2.1.5, estaba afectado por un problema de tipo Cross-Site Scripting (XSS) reflejado en el parámetro \"extension\" en el panel de control Extensions, cuando el ajuste \"Anonymously track usage to improve product quality\" está activado, ya que el parámetro se emite en un contexto JavaScript sin un escape apropiado. Esto podría permitir a un atacante, que puede convencer a un administrador autenticado para que haga clic en un enlace, ejecutar JavaScript malicioso dentro del navegador web del usuario, lo que podría conllevar a un compromiso total del sitio"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"contact@wpscan.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:boldgrid:w3_total_cache:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"2.1.5","matchCriteriaId":"BFEEC9B9-3C9A-4009-9DB8-84B41725D6AA"}]}]}],"references":[{"url":"https://wpscan.com/vulnerability/3e855e09-056f-45b5-89a9-d644b7d8c9d0","source":"contact@wpscan.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://wpscan.com/vulnerability/3e855e09-056f-45b5-89a9-d644b7d8c9d0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}