cleantalk
Vulnerabilities and Security Researches

Prismatic, CVE-2021-24409

CVE, Research URL

CVE-2021-24409

Home page URL

Security reports for Prismatic

Application

Prismatic

Published on
Jul 13, 2021
Research Description
The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator
Affected versions
max 2.8.
Status
vulnerable
Previous vulnerability researches
Prismatic (CVE-2026-3876) , Apr 16, 2026
Prismatic (CVE-2021-24408) , Jun 07, 2024
Prismatic (CVE-2021-24409) , Jun 07, 2024
New vulnerability
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2026-3885) , Apr 16, 2026
Royal Elementor Addons and Templates (CVE-2026-40763) , Apr 16, 2026
WP Google Street View (with 360° virtual tour) & Google maps + Local SEO (CVE-2026-0563) , Apr 16, 2026
AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress (CVE-2026-3614) , Apr 16, 2026
Token of Trust: AI Identity Verification, Age Verification, and KYC (CVE-2026-2834) , Apr 16, 2026