Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by Moove Agency
CVE-2024-31292 (GCVE-0-2024-31292)
Vulnerability from nvd – Published: 2024-04-07 17:29 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress Import XML and RSS Feeds plugin <= 2.1.5 - Arbitrary File Upload vulnerability
Summary
Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.This issue affects Import XML and RSS Feeds: from n/a through 2.1.5.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/imp… | vdb-entry |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Moove Agency | Import XML and RSS Feeds |
Affected:
n/a , ≤ 2.1.5
(custom)
|
|
| wordpress | import_xml_and_rss_feeds_plugin |
Affected:
0 , ≤ 2.1.5
(custom)
cpe:2.3:a:wordpress:import_xml_and_rss_feeds_plugin:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wordpress:import_xml_and_rss_feeds_plugin:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "import_xml_and_rss_feeds_plugin",
"vendor": "wordpress",
"versions": [
{
"lessThanOrEqual": "2.1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-08T13:11:00.975808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T18:40:54.002Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:46:04.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/import-xml-feed/wordpress-import-xml-and-rss-feeds-plugin-2-1-5-arbitrary-file-upload-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "import-xml-feed",
"product": "Import XML and RSS Feeds",
"vendor": "Moove Agency",
"versions": [
{
"changes": [
{
"at": "2.1.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.1.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "stealthcopter (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.\u003cp\u003eThis issue affects Import XML and RSS Feeds: from n/a through 2.1.5.\u003c/p\u003e"
}
],
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.This issue affects Import XML and RSS Feeds: from n/a through 2.1.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:30.248Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/import-xml-feed/wordpress-import-xml-and-rss-feeds-plugin-2-1-5-arbitrary-file-upload-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.1.6 or a higher version."
}
],
"value": "Update to 2.1.6 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Import XML and RSS Feeds plugin \u003c= 2.1.5 - Arbitrary File Upload vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-31292",
"datePublished": "2024-04-07T17:29:15.731Z",
"dateReserved": "2024-03-29T17:22:51.686Z",
"dateUpdated": "2026-04-28T16:09:30.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-24286 (GCVE-0-2021-24286)
Vulnerability from nvd – Published: 2021-05-14 11:38 – Updated: 2024-08-03 19:28
VLAI
Title
Redirect 404 to Parent < 1.3.1 - Reflected Cross-Site Scripting (XSS)
Summary
The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/b9a535f3-cb0b-46… | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/164328/WordP… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Moove Agency | Redirect 404 to parent |
Affected:
1.3.1 , < 1.3.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/b9a535f3-cb0b-46fe-b345-da3462584e27"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164328/WordPress-Redirect-404-To-Parent-1.3.0-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Redirect 404 to parent",
"vendor": "Moove Agency",
"versions": [
{
"lessThan": "1.3.1",
"status": "affected",
"version": "1.3.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "0xB9"
}
],
"descriptions": [
{
"lang": "en",
"value": "The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-29T16:06:22.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/b9a535f3-cb0b-46fe-b345-da3462584e27"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164328/WordPress-Redirect-404-To-Parent-1.3.0-Cross-Site-Scripting.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Redirect 404 to Parent \u003c 1.3.1 - Reflected Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24286",
"STATE": "PUBLIC",
"TITLE": "Redirect 404 to Parent \u003c 1.3.1 - Reflected Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Redirect 404 to parent",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.3.1",
"version_value": "1.3.1"
}
]
}
}
]
},
"vendor_name": "Moove Agency"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "0xB9"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/b9a535f3-cb0b-46fe-b345-da3462584e27",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/b9a535f3-cb0b-46fe-b345-da3462584e27"
},
{
"name": "http://packetstormsecurity.com/files/164328/WordPress-Redirect-404-To-Parent-1.3.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164328/WordPress-Redirect-404-To-Parent-1.3.0-Cross-Site-Scripting.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24286",
"datePublished": "2021-05-14T11:38:18.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24287 (GCVE-0-2021-24287)
Vulnerability from nvd – Published: 2021-05-14 11:38 – Updated: 2024-08-03 19:28
VLAI
Title
Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)
Summary
The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/56e1bb56-bfc5-40… | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/164327/WordP… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Moove Agency | Select All Categories and Taxonomies, Change Checkbox to Radio Buttons |
Affected:
1.3.2 , < 1.3.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164327/WordPress-Select-All-Categories-And-Taxonomies-1.3.1-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Select All Categories and Taxonomies, Change Checkbox to Radio Buttons",
"vendor": "Moove Agency",
"versions": [
{
"lessThan": "1.3.2",
"status": "affected",
"version": "1.3.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "0xB9"
}
],
"descriptions": [
{
"lang": "en",
"value": "The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-29T16:06:17.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164327/WordPress-Select-All-Categories-And-Taxonomies-1.3.1-Cross-Site-Scripting.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Select All Categories and Taxonomies \u003c 1.3.2 - Reflected Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24287",
"STATE": "PUBLIC",
"TITLE": "Select All Categories and Taxonomies \u003c 1.3.2 - Reflected Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Select All Categories and Taxonomies, Change Checkbox to Radio Buttons",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.3.2",
"version_value": "1.3.2"
}
]
}
}
]
},
"vendor_name": "Moove Agency"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "0xB9"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf"
},
{
"name": "http://packetstormsecurity.com/files/164327/WordPress-Select-All-Categories-And-Taxonomies-1.3.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164327/WordPress-Select-All-Categories-And-Taxonomies-1.3.1-Cross-Site-Scripting.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24287",
"datePublished": "2021-05-14T11:38:18.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31292 (GCVE-0-2024-31292)
Vulnerability from cvelistv5 – Published: 2024-04-07 17:29 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress Import XML and RSS Feeds plugin <= 2.1.5 - Arbitrary File Upload vulnerability
Summary
Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.This issue affects Import XML and RSS Feeds: from n/a through 2.1.5.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/imp… | vdb-entry |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Moove Agency | Import XML and RSS Feeds |
Affected:
n/a , ≤ 2.1.5
(custom)
|
|
| wordpress | import_xml_and_rss_feeds_plugin |
Affected:
0 , ≤ 2.1.5
(custom)
cpe:2.3:a:wordpress:import_xml_and_rss_feeds_plugin:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wordpress:import_xml_and_rss_feeds_plugin:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "import_xml_and_rss_feeds_plugin",
"vendor": "wordpress",
"versions": [
{
"lessThanOrEqual": "2.1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-08T13:11:00.975808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T18:40:54.002Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:46:04.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/import-xml-feed/wordpress-import-xml-and-rss-feeds-plugin-2-1-5-arbitrary-file-upload-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "import-xml-feed",
"product": "Import XML and RSS Feeds",
"vendor": "Moove Agency",
"versions": [
{
"changes": [
{
"at": "2.1.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.1.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "stealthcopter (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.\u003cp\u003eThis issue affects Import XML and RSS Feeds: from n/a through 2.1.5.\u003c/p\u003e"
}
],
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.This issue affects Import XML and RSS Feeds: from n/a through 2.1.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:30.248Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/import-xml-feed/wordpress-import-xml-and-rss-feeds-plugin-2-1-5-arbitrary-file-upload-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.1.6 or a higher version."
}
],
"value": "Update to 2.1.6 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Import XML and RSS Feeds plugin \u003c= 2.1.5 - Arbitrary File Upload vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-31292",
"datePublished": "2024-04-07T17:29:15.731Z",
"dateReserved": "2024-03-29T17:22:51.686Z",
"dateUpdated": "2026-04-28T16:09:30.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-24286 (GCVE-0-2021-24286)
Vulnerability from cvelistv5 – Published: 2021-05-14 11:38 – Updated: 2024-08-03 19:28
VLAI
Title
Redirect 404 to Parent < 1.3.1 - Reflected Cross-Site Scripting (XSS)
Summary
The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/b9a535f3-cb0b-46… | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/164328/WordP… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Moove Agency | Redirect 404 to parent |
Affected:
1.3.1 , < 1.3.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/b9a535f3-cb0b-46fe-b345-da3462584e27"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164328/WordPress-Redirect-404-To-Parent-1.3.0-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Redirect 404 to parent",
"vendor": "Moove Agency",
"versions": [
{
"lessThan": "1.3.1",
"status": "affected",
"version": "1.3.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "0xB9"
}
],
"descriptions": [
{
"lang": "en",
"value": "The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-29T16:06:22.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/b9a535f3-cb0b-46fe-b345-da3462584e27"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164328/WordPress-Redirect-404-To-Parent-1.3.0-Cross-Site-Scripting.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Redirect 404 to Parent \u003c 1.3.1 - Reflected Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24286",
"STATE": "PUBLIC",
"TITLE": "Redirect 404 to Parent \u003c 1.3.1 - Reflected Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Redirect 404 to parent",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.3.1",
"version_value": "1.3.1"
}
]
}
}
]
},
"vendor_name": "Moove Agency"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "0xB9"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/b9a535f3-cb0b-46fe-b345-da3462584e27",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/b9a535f3-cb0b-46fe-b345-da3462584e27"
},
{
"name": "http://packetstormsecurity.com/files/164328/WordPress-Redirect-404-To-Parent-1.3.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164328/WordPress-Redirect-404-To-Parent-1.3.0-Cross-Site-Scripting.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24286",
"datePublished": "2021-05-14T11:38:18.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24287 (GCVE-0-2021-24287)
Vulnerability from cvelistv5 – Published: 2021-05-14 11:38 – Updated: 2024-08-03 19:28
VLAI
Title
Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)
Summary
The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/56e1bb56-bfc5-40… | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/164327/WordP… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Moove Agency | Select All Categories and Taxonomies, Change Checkbox to Radio Buttons |
Affected:
1.3.2 , < 1.3.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164327/WordPress-Select-All-Categories-And-Taxonomies-1.3.1-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Select All Categories and Taxonomies, Change Checkbox to Radio Buttons",
"vendor": "Moove Agency",
"versions": [
{
"lessThan": "1.3.2",
"status": "affected",
"version": "1.3.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "0xB9"
}
],
"descriptions": [
{
"lang": "en",
"value": "The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-29T16:06:17.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164327/WordPress-Select-All-Categories-And-Taxonomies-1.3.1-Cross-Site-Scripting.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Select All Categories and Taxonomies \u003c 1.3.2 - Reflected Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24287",
"STATE": "PUBLIC",
"TITLE": "Select All Categories and Taxonomies \u003c 1.3.2 - Reflected Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Select All Categories and Taxonomies, Change Checkbox to Radio Buttons",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.3.2",
"version_value": "1.3.2"
}
]
}
}
]
},
"vendor_name": "Moove Agency"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "0xB9"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf"
},
{
"name": "http://packetstormsecurity.com/files/164327/WordPress-Select-All-Categories-And-Taxonomies-1.3.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164327/WordPress-Select-All-Categories-And-Taxonomies-1.3.1-Cross-Site-Scripting.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24287",
"datePublished": "2021-05-14T11:38:18.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}