
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Threat Entry Updated 2024-11-21

CVE-2021-24404 - WP-Board WordPress plugin through 1.1 beta

The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection. This is a time-based SQL injection; the vulnerable parameter is used twice in the same function, so a payload that sleeps for 5 seconds takes 10 seconds to return because the query runs twice.

HIGH, CVSS 8.8, 2021-09-20

CVE-2021-24402 - WP iCommerce WordPress plugin through 1.1.1

The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors.

HIGH, CVSS 7.2, 2021-09-20

CVE-2021-24401 - WP Domain Redirect WordPress plugin through 1.0

The Edit domain functionality in the WP Domain Redirect WordPress plugin through 1.0 has an `editid` parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection.

HIGH, CVSS 7.2, 2021-09-20

CVE-2021-24597 - You Shang WordPress plugin through 1.0.1

The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which results in Stored Cross-Site Scripting issues in frontend posts and the plugin's settings page, depending on the payload used.

MEDIUM, CVSS 5.4, 2021-09-20

CVE-2021-24600 - WP Dialog WordPress plugin through 1.2.5.5

The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

MEDIUM, CVSS 4.8, 2021-09-20

CVE-2021-24596 - youForms for WordPress plugin through 1.0.5

The youForms for WordPress plugin through 1.0.5 does not sanitise or escape the Button Text field of its Templates, allowing high privilege users (editors and admins) to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

MEDIUM, CVSS 4.8, 2021-09-20

CVE-2021-24530 - Alojapro Widget WordPress plugin through 1.1.15

The Alojapro Widget WordPress plugin through 1.1.15 does not properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

MEDIUM, CVSS 4.8, 2021-09-20

CVE-2021-24399 - The Sorter WordPress plugin through 1.0

The check_order function of The Sorter WordPress plugin through 1.0 uses an `area_id` parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection.

HIGH, CVSS 7.2, 2021-09-20

CVE-2021-24398 - Responsive 3D Slider WordPress plugin through 1.2

The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection. This is a time-based SQL injection; the vulnerable parameter is used twice in the same function, so a payload that sleeps for 5 seconds takes 10 seconds to return because the query runs twice.

HIGH, CVSS 7.2, 2021-09-20

CVE-2021-24397 - MicroCopy WordPress plugin through 1.1.0

The edit functionality in the MicroCopy WordPress plugin through 1.1.0 makes a GET request to fetch the related option. The id parameter used is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection.

HIGH, CVSS 7.2, 2021-09-20

CVE-2021-24396 - GSEOR – WordPress SEO Plugin through 1.3

A pageid GET parameter of the GSEOR – WordPress SEO Plugin WordPress plugin through 1.3 is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection.

HIGH, CVSS 7.2, 2021-09-20

CVE-2021-24619 - Per page add to head WordPress plugin through 1.4.4

The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its settings, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues.

MEDIUM, CVSS 4.8, 2021-09-13

CVE-2021-24493 - Shopp WordPress plugin through 1.4

The shopp_upload_file AJAX action of the Shopp WordPress plugin through 1.4, available to both unauthenticated and authenticated users, does not have any security measure in place to prevent the upload of malicious files such as PHP scripts, allowing unauthenticated users to upload arbitrary files and leading to remote code execution (RCE).

CRITICAL, CVSS 9.8, 2021-09-13

CVE-2021-24431 - Language Bar Flags WordPress plugin through 1.0.8

The Language Bar Flags WordPress plugin through 1.0.8 does not have any CSRF protection in place when saving its settings and does not sanitise or escape them when generating the flag bar in the frontend. This could allow attackers to make a logged-in admin change the settings and set a Cross-Site Scripting payload in them, which will be executed in the frontend for all users.

MEDIUM, CVSS 4.3, 2021-09-13

CVE-2021-24395 - Embed Youtube Video WordPress plugin through 1.0

The editid GET parameter of the Embed Youtube Video WordPress plugin through 1.0 is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection.

HIGH, CVSS 7.2, 2021-09-06

CVE-2021-24394 - Easy Testimonial Manager WordPress plugin through 1.2.0

An id GET parameter of the Easy Testimonial Manager WordPress plugin through 1.2.0 is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection.

HIGH, CVSS 7.2, 2021-09-06

CVE-2021-24391 - Cashtomer WordPress plugin through 1.0.0

An editid GET parameter of the Cashtomer WordPress plugin through 1.0.0 is not properly sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection.

HIGH, CVSS 8.8, 2021-09-06

CVE-2021-24392 - WordPress Membership SwiftCloud.io WordPress plugin through 1.0

An id GET parameter of the WordPress Membership SwiftCloud.io WordPress plugin through 1.0 is not properly sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection.

HIGH, CVSS 7.2, 2021-09-06

CVE-2021-24437 - Favicon by RealFaviconGenerator WordPress plugin through 1.3.20

The Favicon by RealFaviconGenerator WordPress plugin through 1.3.20 does not sanitise or escape one of its parameters before outputting it back in the response, leading to a Reflected Cross-Site Scripting (XSS) issue which is executed in the context of a logged-in administrator.

MEDIUM, CVSS 6.1, 2021-08-30

CVE-2021-24558 - Project Status WordPress plugin through 1.6

The pspin_duplicate_post_save_as_new_post function of the Project Status WordPress plugin through 1.6 does not sanitise, validate or escape the post GET parameter passed to it before outputting it in an error message when the related post does not exist, leading to a reflected XSS issue.

MEDIUM, CVSS 5.4, 2021-08-23