Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 563 records (Critical: 20, High: 112, Medium: 421)

Showing 521-540 of 563 records
Threat Entry Updated 2024-11-21

CVE-2021-24554 - Paytm – Donation Plugin (WordPress plugin through 1.3.2)

The Paytm – Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection issue.

HIGH | CVSS 7.2 | 2021-08-23
CVE-2021-24553 - Timeline Calendar (WordPress plugin through 1.2)

The Timeline Calendar WordPress plugin through 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL injections are also present in the plugin.

HIGH | CVSS 7.2 | 2021-08-23
CVE-2021-24552 - Simple Events Calendar (WordPress plugin through 1.4.0)

The Simple Events Calendar WordPress plugin through 1.4.0 does not sanitise, validate or escape the event_id POST parameter before using it in a SQL statement when deleting events, leading to an authenticated SQL injection issue.

HIGH | CVSS 7.2 | 2021-08-23
CVE-2021-24497 - Giveaway (WordPress plugin through 1.2.2)

The Giveaway WordPress plugin through 1.2.2 is vulnerable to an SQL injection issue which allows an administrative user to execute arbitrary SQL commands via the $post_id parameter on the options.php page.

HIGH | CVSS 7.2 | 2021-08-23
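The four entries above share one defect: a request parameter that names a record is pasted into a SQL statement. The following is an added example written for this page, not code from any of the plugins listed; it shows a hypothetical admin-page delete handler in that shape, then the same handler hardened with WordPress' own primitives. The table name, the nonce action and the capability are assumptions.

```php
<?php
// Added example; not code from the Paytm – Donation, Timeline Calendar,
// Simple Events Calendar or Giveaway plugins. Table and action names are assumed.

// VULNERABLE: the GET parameter is concatenated straight into the statement.
// A request with  ?action=delete&id=1 OR 1=1  deletes every row, and a UNION-
// or time-based payload in the same position reads or probes other tables.
// The CVSS 7.2 ratings above reflect that an admin session is needed to reach
// this page; the query itself trusts the parameter completely.
function demo_delete_donation_vulnerable() {
    global $wpdb;
    $table = $wpdb->prefix . 'demo_donations';   // assumed table name
    $id    = $_GET['id'];
    $wpdb->query( "DELETE FROM $table WHERE id = $id" );
}

// HARDENED: capability check, nonce check, integer coercion, prepared statement.
function demo_delete_donation_hardened() {
    global $wpdb;

    // Authorisation first: only users allowed to manage this data get further.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    // absint() coerces the value to a non-negative integer before it is used
    // anywhere, including in the nonce action name below.
    $id = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0;

    // The delete link must have been built with
    //   wp_nonce_url( $url, 'demo_delete_donation_' . $id )
    // so a forged cross-site request cannot trigger the deletion.
    check_admin_referer( 'demo_delete_donation_' . $id );

    if ( $id < 1 ) {
        wp_die( 'Invalid id', '', array( 'response' => 400 ) );
    }

    // $wpdb->prepare() binds the value; %d forces an integer, and the table
    // name is built from the site prefix, never from user input.
    $table = $wpdb->prefix . 'demo_donations';
    $wpdb->query(
        $wpdb->prepare( "DELETE FROM {$table} WHERE id = %d", $id )
    );
}
```

The order matters: the capability check runs before anything else, the nonce check binds the request to this user and this record, and the prepared statement is the last line of defence rather than the only one. Reviewers auditing a plugin for this class of bug can grep for `$wpdb->query`, `$wpdb->get_results` and `$wpdb->get_var` calls whose first argument is an interpolated string rather than a `$wpdb->prepare()` call.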
CVE-2021-24556 - Email Subscriber (WordPress plugin through 1.1)

The kento_email_subscriber_ajax AJAX action of the Email Subscriber WordPress plugin through 1.1 does not properly sanitise, validate and escape the submitted subscribe_email and subscribe_name POST parameters, inserting them into the DB and then outputting them back in the Subscriber list (/wp-admin/edit.php?post_type=kes_campaign&page=kento_email_subscriber_list_settings), leading to a Stored XSS issue.

MEDIUM | CVSS 6.1 | 2021-08-23
CVE-2021-24536 - Custom Login Redirect (WordPress plugin through 1.0.0)

The Custom Login Redirect WordPress plugin through 1.0.0 does not have a CSRF check in place when saving its settings, and does not sanitise or escape user input before outputting it back in the page, leading to a Stored Cross-Site Scripting issue.

MEDIUM | CVSS 6.1 | 2021-08-16
CVE-2021-24538 - Current Book (WordPress plugin through 1.0.1)

The Current Book WordPress plugin through 1.0.1 does not sanitise user input when an authenticated user adds an Author or Book Title, and then does not escape these values when outputting them to the browser, leading to an authenticated Stored Cross-Site Scripting (XSS) issue.

MEDIUM | CVSS 5.4 | 2021-08-16
CVE-2021-24535 - Light Messages (WordPress plugin through 1.0)

The Light Messages WordPress plugin through 1.0 is lacking a CSRF check when updating its settings, and does not sanitise the Message Content in them (even with the unfiltered_html capability disallowed). As a result, an attacker could make a logged-in admin update the settings to arbitrary values and set a Cross-Site Scripting payload in the Message Content. Depending on the options set, the XSS payload can be triggered either in the backend only (in the plugin's settings) or on both the frontend and backend.

MEDIUM | CVSS 6.1 | 2021-08-16
CVE-2021-24411 - Social Tape (WordPress plugin through 1.0)

The Social Tape WordPress plugin through 1.0 does not have CSRF checks in place when saving its settings, and does not sanitise or escape them before outputting them back in the page, leading to a Stored Cross-Site Scripting issue via a CSRF attack.

MEDIUM | CVSS 6.1 | 2021-08-16
CVE-2021-24410 - తెలుగు బైబిల్ వచనములు (Telugu Bible Verses) (WordPress plugin through 1.0)

The తెలుగు బైబిల్ వచనములు (Telugu Bible Verses) WordPress plugin through 1.0 is lacking any CSRF check when saving its settings and verses, and does not sanitise or escape them when outputting them back in the page. This could allow attackers to make a logged-in admin change the settings, as well as add malicious verses containing JavaScript code, leading to Stored XSS issues.

MEDIUM | CVSS 6.1 | 2021-08-16
CVE-2021-24445 - My Site Audit (WordPress plugin through 1.2.4)

The My Site Audit WordPress plugin through 1.2.4 does not sanitise or escape the Audit Name field when creating an audit, allowing high-privilege users to set JavaScript payloads in it even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue.

MEDIUM | CVSS 5.5 | 2021-08-16
CVE-2021-24380 - Shantz WordPress QOTD (WordPress plugin through 1.2.2)

The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking any CSRF check when updating its settings, allowing attackers to make logged-in administrators change them to arbitrary values.

MEDIUM | CVSS 4.3 | 2021-08-16
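The settings-page entries above (Custom Login Redirect, Light Messages, Social Tape, Telugu Bible Verses, My Site Audit, Shantz QOTD) combine two or three of the same omissions: no nonce on the save request, no capability check, no filtering on the way in and no escaping on the way out. The following is an added example written for this page, not code from any of those plugins: a hypothetical settings handler in that shape, then the hardened form. The option name, nonce action and field name are assumptions.

```php
<?php
// Added example; not code from any plugin listed on this page.
// Option, field and nonce names are assumed for illustration.

// VULNERABLE. Any POST reaching this handler updates the option, so a page on
// another origin can submit the form on behalf of a logged-in admin (CSRF),
// and whatever was stored is printed verbatim wherever the message is shown.
function demo_save_message_vulnerable() {
    if ( isset( $_POST['demo_message'] ) ) {
        update_option( 'demo_message', $_POST['demo_message'] );
    }
}

function demo_render_message_vulnerable() {
    echo '<div class="demo-message">' . get_option( 'demo_message' ) . '</div>';
}

// HARDENED. The form carries a nonce; the handler verifies the nonce and the
// user's capability, filters the value before storing it, and escapes on output.
function demo_message_form() {
    echo '<form method="post">';
    wp_nonce_field( 'demo_save_message', 'demo_nonce' );
    echo '<input type="text" name="demo_message" value="'
        . esc_attr( get_option( 'demo_message', '' ) ) . '">';
    submit_button();
    echo '</form>';
}

function demo_save_message_hardened() {
    if ( ! isset( $_POST['demo_message'] ) ) {
        return;
    }
    // Dies unless the request carries a valid nonce for this action; a forged
    // cross-origin request cannot obtain one.
    check_admin_referer( 'demo_save_message', 'demo_nonce' );

    // Authorisation is separate from CSRF protection: a valid nonce minted for
    // a subscriber-level account must still not be able to change site settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    // Filter on input. wp_kses_post() keeps post-safe markup and strips
    // <script>, on* event handlers and javascript: URLs regardless of whether
    // the user holds unfiltered_html, which is what the "even when
    // unfiltered_html is disallowed" entries above are about. Use
    // sanitize_text_field() instead if the setting must never contain markup.
    $value = wp_kses_post( wp_unslash( $_POST['demo_message'] ) );
    update_option( 'demo_message', $value );
}

function demo_render_message_hardened() {
    // Escape on output as well; filtering at storage time does not cover values
    // written to the option by other code paths or older plugin versions.
    $value = get_option( 'demo_message', '' );
    echo '<div class="demo-message">' . wp_kses_post( $value ) . '</div>';
}
```

The two checks in the hardened handler address different entries above: the nonce alone would have prevented the CSRF-only Shantz QOTD issue, while the filtering and escaping address the stored XSS in the others. A plugin that registers its option through the Settings API gets the nonce and capability check for free and can attach the filter as `sanitize_callback` in `register_setting()`, which is the idiomatic way to get the same result with less hand-written code.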
CVE-2021-24520 - Stock in & out (WordPress plugin through 1.0.4)

The Stock in & out WordPress plugin through 1.0.4 lacks proper sanitisation before passing variables to an SQL request, making it vulnerable to SQL injection attacks. Users with a role of contributor or higher can exploit this vulnerability.

HIGH | CVSS 8.8 | 2021-08-09
CVE-2021-24504 - WP LMS – Best WordPress LMS Plugin (WordPress plugin through 1.1.2)

The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payloads to be used in them. Furthermore, no CSRF or capability checks were in place, allowing such an attack to be performed either via CSRF or as any user (including unauthenticated).

MEDIUM | CVSS 6.1 | 2021-08-02
CVE-2021-24477 - Migrate Users (WordPress plugin through 1.0.1)

The Migrate Users WordPress plugin through 1.0.1 does not sanitise or escape its Delimiter option before outputting it in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have a CSRF check in place when saving its options, allowing the issue to be exploited via a CSRF attack.

MEDIUM | CVSS 6.1 | 2021-08-02
CVE-2021-24481 - Any Hostname (WordPress plugin through 1.0.6)

The Any Hostname WordPress plugin through 1.0.6 does not sanitise or escape its "Allowed hosts" setting, leading to an authenticated Stored XSS issue, as high-privilege users are able to set XSS payloads in it.

MEDIUM | CVSS 4.8 | 2021-08-02
CVE-2021-24428 - RSS for Yandex Turbo (WordPress plugin through 1.30)

The RSS for Yandex Turbo WordPress plugin through 1.30 does not sanitise or escape some of its settings before saving and outputting them in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed.

MEDIUM | CVSS 4.8 | 2021-08-02
CVE-2021-24453 - Include Me (WordPress plugin through 1.2.1)

The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) on the server via log poisoning, and therefore potentially to a full compromise of the underlying host.

HIGH | CVSS 8.8 | 2021-07-19
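The entry above is the one file-inclusion issue on this page, and the "log poisoning" escalation it mentions is what turns a read-only traversal into code execution: if a user-controlled path reaches `include`, an attacker who has previously planted PHP code in a file the web server can read (a server log that records request headers is the classic target) can include that file and have the planted code executed. The following is an added example written for this page, not the Include Me plugin's code: a hypothetical shortcode that includes a template chosen by an attribute, first in the traversable form, then restricted to an allowlisted directory. The shortcode name and template directory are assumptions.

```php
<?php
// Added example; not code from the Include Me plugin. Shortcode name and
// template directory are assumed for illustration.

// VULNERABLE: the attribute is used as a path with no restriction. Because
// shortcodes can be placed in post content, any user allowed to write posts
// can choose the file; "../" sequences walk out of the templates directory,
// and including a log file that already contains attacker-supplied PHP
// executes it (the log-poisoning chain the advisory describes).
function demo_include_shortcode_vulnerable( $atts ) {
    $atts = shortcode_atts( array( 'file' => '' ), $atts );
    ob_start();
    include plugin_dir_path( __FILE__ ) . 'templates/' . $atts['file'];
    return ob_get_clean();
}

// HARDENED: strip directory components, require a .php extension, resolve the
// real path and insist it stays inside the templates directory.
function demo_include_shortcode_hardened( $atts ) {
    $atts = shortcode_atts( array( 'file' => '' ), $atts );

    $base = realpath( plugin_dir_path( __FILE__ ) . 'templates' );

    // basename() drops every directory component, so "../" cannot survive it.
    $name = basename( $atts['file'] );
    if ( $base === false || $name === ''
        || pathinfo( $name, PATHINFO_EXTENSION ) !== 'php' ) {
        return '';
    }

    // realpath() returns false for missing files and resolves symlinks, so a
    // symlink inside templates/ pointing elsewhere is also rejected by the
    // prefix check that follows.
    $path = realpath( $base . DIRECTORY_SEPARATOR . $name );
    if ( $path === false
        || strpos( $path, $base . DIRECTORY_SEPARATOR ) !== 0 ) {
        return '';
    }

    ob_start();
    include $path;
    return ob_get_clean();
}
add_shortcode( 'demo_include', 'demo_include_shortcode_hardened' );
```

If the feature genuinely needs to include arbitrary files, the remaining control is authorisation: register the shortcode only for users with `unfiltered_html` or an equivalent high capability, since a file-inclusion primitive is at least as powerful as the ability to post raw HTML.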
CVE-2021-24434 - Glass (WordPress plugin through 1.3.2)

The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting it in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have a CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack.

MEDIUM | CVSS 6.1 | 2021-07-12