{"vulnerability": "CVE-2021-2447", "sightings": [{"uuid": "66975d32-93f7-44b9-9947-96104eb88a11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24472", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24472.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "de00c12c-f1f4-406c-a2f8-9d522ac75113", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24479", "type": "seen", "source": "https://t.me/cibsecurity/26668", "content": "\u203c CVE-2021-24479 \u203c\n\nThe DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-02T14:27:40.000000Z"}, {"uuid": "9097ac91-1f82-4ad0-851c-4baca407dd1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24476", "type": "seen", "source": "https://t.me/cibsecurity/26667", "content": "\u203c CVE-2021-24476 \u203c\n\nThe Steam Group Viewer WordPress plugin through 2.1 does not sanitise or escape its \"Steam Group Address\" settings before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-02T14:27:39.000000Z"}, {"uuid": "582da7ae-23a6-41d4-8371-953a7b94887f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24472", "type": "seen", "source": "https://t.me/cibsecurity/26656", "content": "\u203c CVE-2021-24472 \u203c\n\nThe OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF (Server Side Request Forgery) and RFI (Remote File Inclusion) vulnerabilities on the website.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-02T14:27:23.000000Z"}, {"uuid": "4ffbd9e3-5b28-4884-afa9-6411661ca03a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24471", "type": "seen", "source": "https://t.me/cibsecurity/27357", "content": "\u203c CVE-2021-24471 \u203c\n\nThe YouTube Embed WordPress plugin before 5.2.2 does not validate, escape or sanitise some of its shortcode attributes, leading to Stored XSS issues by 1. using w, h, controls, cc_lang, color, language, start, stop, or style parameter of youtube shortcode, 2. by using style, class, rel, target, width, height, or alt parameter of youtube_thumb shortcode, or 3. by embedding a video whose title or description contains XSS payload (if API key is configured).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-16T14:14:36.000000Z"}]}