{"api_version":"1","generated_at":"2026-04-25T05:17:53+00:00","cve":"CVE-2021-24976","urls":{"html":"https://cve.report/CVE-2021-24976","api":"https://cve.report/api/cve/CVE-2021-24976.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-24976","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-24976"},"summary":{"title":"CVE-2021-24976","description":"The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting","state":"PUBLIC","assigner":"contact@wpscan.com","published_at":"2022-01-24 08:15:00","updated_at":"2022-01-28 03:23:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0","name":"https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0","refsource":"MISC","tags":[],"title":"Attention Required! | Cloudflare","mime":"text/html","httpstatus":"403","archivestatus":"404"},{"url":"https://plugins.trac.wordpress.org/changeset/2637305","name":"https://plugins.trac.wordpress.org/changeset/2637305","refsource":"CONFIRM","tags":[],"title":"403 Forbidden","mime":"text/html","httpstatus":"403","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-24976","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-24976","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"lnsmile","lang":""}],"nvd_cpes":[{"cve_year":"2021","cve_id":"24976","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wbolt","cpe5":"smart_seo_tool","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ID":"CVE-2021-24976","ASSIGNER":"contact@wpscan.com","STATE":"PUBLIC","TITLE":"Smart SEO Tool < 3.0.6 - Reflected Cross-Site Scripting"},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","generator":"WPScan CVE Generator","affects":{"vendor":{"vendor_data":[{"vendor_name":"Unknown","product":{"product_data":[{"product_name":"Smart SEO Tool – SEO优化插件","version":{"version_data":[{"version_affected":"<","version_name":"3.0.6","version_value":"3.0.6"}]}}]}}]}},"description":{"description_data":[{"lang":"eng","value":"The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting"}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0","name":"https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0"},{"refsource":"CONFIRM","url":"https://plugins.trac.wordpress.org/changeset/2637305","name":"https://plugins.trac.wordpress.org/changeset/2637305"}]},"problemtype":{"problemtype_data":[{"description":[{"value":"CWE-79 Cross-site Scripting (XSS)","lang":"eng"}]}]},"credit":[{"lang":"eng","value":"lnsmile"}],"source":{"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2022-01-24 08:15:00","lastModifiedDate":"2022-01-28 03:23:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":2.6},"severity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:wbolt:smart_seo_tool:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"3.0.6","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"24976","Ordinal":"199738","Title":"CVE-2021-24976","CVE":"CVE-2021-24976","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"24976","Ordinal":"1","NoteData":"The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting","Type":"Description","Title":null},{"CveYear":"2021","CveId":"24976","Ordinal":"2","NoteData":"2022-01-24","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"24976","Ordinal":"3","NoteData":"2022-01-24","Type":"Other","Title":"Modified"}]}}}