"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 45
Critical: 1
High: 7
Medium: 36
Showing 41-45 of 45 records

Threat Entry Updated 2024-11-21

CVE-2021-24847 - Before 8 Plugin

The importFromRedirection AJAX action of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading to SQL injection when the redirection plugin is also installed.

PLUGIN Before 8

CVE-2021-24847

HIGH CVSS 8.8 2021-11-17

Threat Entry Updated 2024-11-21

CVE-2021-24506 - Before 8 Plugin

The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection.

PLUGIN Before 8

CVE-2021-24506

HIGH CVSS 8.8 2021-08-23

Threat Entry Updated 2024-11-21

CVE-2021-24371 - Before 8 Plugin

The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes a URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via an SSRF attack.

PLUGIN Before 8

CVE-2021-24371

LOW CVSS 2.7 2021-08-02

Threat Entry Updated 2024-11-21

CVE-2021-24383 - Before 8 Plugin

The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate or escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue.

PLUGIN Before 8

CVE-2021-24383

MEDIUM CVSS 5.4 2021-06-21

Threat Entry Updated 2024-11-21

CVE-2021-24342 - Before 8 Theme

The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.

THEME Before 8

CVE-2021-24342

MEDIUM CVSS 6.1 2021-06-07