{"vulnerability": "CVE-2021-2443", "sightings": [{"uuid": "0a3b1ef0-69e4-46d9-b33d-eab1fce26d1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24435", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24435.yaml", "content": "", "creation_timestamp": "2023-05-26T00:44:43.000000Z"}, {"uuid": "e8969596-60ea-4a7e-a769-b65e68d0c556", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24432", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18097", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-24432\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Advanced AJAX Product Filters WordPress plugin does not sanitise the 'term_id' POST parameter before outputting it in the page, leading to reflected Cross-Site Scripting issue.\n\ud83d\udccf Published: 2024-01-16T15:49:30.490Z\n\ud83d\udccf Modified: 2025-06-11T17:10:22.816Z\n\ud83d\udd17 References:\n1. 
https://wpscan.com/vulnerability/b92ec5f7-d6a8-476f-a01e-21001a558914/", "creation_timestamp": "2025-06-11T17:34:25.000000Z"}, {"uuid": "edd3ac06-8186-4a3a-92c9-f2d7717ffb55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24432", "type": "seen", "source": "https://t.me/ctinow/180004", "content": "https://ift.tt/0COaTAZ\nCVE-2021-24432 | Advanced AJAX Product Filters Plugin prior 1.5.4.7 on WordPress POST Parameter term_id cross site scripting", "creation_timestamp": "2024-02-06T14:16:48.000000Z"}, {"uuid": "641e2c27-ba98-417a-afc0-7b293e910075", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24433", "type": "seen", "source": "https://t.me/ctinow/179981", "content": "https://ift.tt/YAnsLZj\nCVE-2021-24433 | WP-FeedStats Simple Sort & Search Plugin up to 0.0.3 on WordPress URL Protocol indexurl cross site scripting", "creation_timestamp": "2024-02-06T13:46:57.000000Z"}, {"uuid": "2b63e2cb-a0ef-4d4c-9b4f-fc42a05fa234", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24432", "type": "seen", "source": "https://t.me/ctinow/172388", "content": "https://ift.tt/l9W4fjD\nCVE-2021-24432 Exploit", "creation_timestamp": "2024-01-23T23:16:31.000000Z"}, {"uuid": "8b0bc5e3-92ac-4c5b-aabe-9682fbdfbb3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24433", "type": "seen", "source": "https://t.me/ctinow/172441", "content": "https://ift.tt/8rEYOz1\nCVE-2021-24433 Exploit", "creation_timestamp": "2024-01-24T01:16:27.000000Z"}, {"uuid": "632cd19d-13fd-4cb8-9e63-044bbebddb47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24431", "type": "seen", "source": "https://t.me/cibsecurity/28753", "content": "\u203c CVE-2021-24431 \u203c\n\nThe Language Bar Flags WordPress plugin through 1.0.8 does not have any CSRF in place when saving its settings and did not sanitise or escape them when generating the flag bar in the frontend. This could allow attackers to make a logged in admin change the settings, and set Cross-Site Scripting payload in them, which will be executed in the frontend for all users\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-13T22:15:24.000000Z"}, {"uuid": "400dc294-ecd9-4d44-8ca3-cf93963d041a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24438", "type": "seen", "source": "https://t.me/cibsecurity/28009", "content": "\u203c CVE-2021-24438 \u203c\n\nThe ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the 'ga_action' parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-30T18:32:27.000000Z"}, {"uuid": "d80bdfaa-8419-4222-bce9-5051ab17d923", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24437", "type": "seen", "source": "https://t.me/cibsecurity/28002", "content": "\u203c CVE-2021-24437 \u203c\n\nThe Favicon by RealFaviconGenerator WordPress plugin through 1.3.20 does not sanitise or escape one of its parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting (XSS) which is executed 
in the context of a logged administrator.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-30T18:32:20.000000Z"}, {"uuid": "af5942b3-577a-46a3-9908-ae6e29187489", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24430", "type": "seen", "source": "https://t.me/cibsecurity/26663", "content": "\u203c CVE-2021-24430 \u203c\n\nThe Speed Booster Pack \u26a1 PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its caching_exclude_urls and caching_include_query_strings settings before outputting them in a PHP file, which could lead to RCE\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-02T14:27:33.000000Z"}, {"uuid": "bdc1ec22-e374-4736-9b55-64e50eedb866", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24435", "type": "seen", "source": "https://t.me/cibsecurity/28288", "content": "\u203c CVE-2021-24435 \u203c\n\nThe iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-06T14:40:55.000000Z"}, {"uuid": "2414f9cf-9e12-4af7-af82-2d7db601b33b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-2443", "type": "seen", "source": "https://t.me/cibsecurity/26349", "content": "\u203c CVE-2021-2443 \u203c\n\nVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. 
Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: This vulnerability applies to Solaris x86 and Linux systems only. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-21T18:48:42.000000Z"}]}