cleantalk
Vulnerabilities and Security Researches

Sitewide Notice WP, CVE-2021-24592

CVE, Research URL

CVE-2021-24592

Home page URL

Security reports for Sitewide Notice WP

Application

Sitewide Notice WP

Published on
Aug 30, 2021
Research Description
The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Affected versions
max 2.3.
Status
vulnerable
Previous vulnerability researches
Sitewide Notice WP (CVE-2025-67575) , Dec 11, 2025
Sitewide Notice WP (CVE-2021-24592) , Jun 07, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025