cleantalk
Vulnerabilities and Security Researches

OpenID Connect Generic Client, CVE-2021-24214

CVE, Research URL

CVE-2021-24214

Home page URL

Security reports for OpenID Connect Generic Client

Application

OpenID Connect Generic Client

Published on
May 06, 2021
Research Description
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.
Affected versions
max 3.8.2.
Status
vulnerable
Previous vulnerability researches
OpenID Connect Generic Client (CVE-2025-13730) , Jan 11, 2026
OpenID Connect Generic Client (CVE-2021-24214) , Jun 07, 2024
New vulnerability
Pure WC Variation Swatches (CVE-2025-12820) , Jan 11, 2026
WP Scraper (CVE-2025-62088) , Jan 11, 2026
Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger Live Chat Support Chat Button – Bit As (CVE-2025-68596) , Jan 11, 2026
Free Follow-Up Emails & Marketing Automation for WooCommerce – ShopMagic (CVE-2025-69093) , Jan 11, 2026
SALESmanago (CVE-2025-68571) , Jan 11, 2026