{"vulnerability": "CVE-2021-2455", "sightings": [{"uuid": "91d87d14-b8e3-4c48-ace5-141da0cb34fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24558", "type": "seen", "source": "https://t.me/cibsecurity/27682", "content": "\u203c CVE-2021-24558 \u203c\n\nThe pspin_duplicate_post_save_as_new_post function of the Project Status WordPress plugin through 1.6 does not sanitise, validate or escape the post GET parameter passed to it before outputting it in an error message when the related post does not exist, leading to a reflected XSS issue\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-23T16:22:55.000000Z"}, {"uuid": "24afd481-adbb-49ea-9b4a-0e750114024f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24559", "type": "seen", "source": "https://t.me/ctinow/180022", "content": "https://ift.tt/gSGfeA3\nCVE-2021-24559 | Qyrr Plugin 0.7 on WordPress AJAX Action data_uri_to_meta cross site scripting", "creation_timestamp": "2024-02-06T14:46:25.000000Z"}, {"uuid": "83324daf-a52a-473c-b056-d7bfb172e0f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24559", "type": "seen", "source": "https://t.me/ctinow/172300", "content": "https://ift.tt/xcKdVS1\nCVE-2021-24559 Exploit", "creation_timestamp": "2024-01-23T21:16:32.000000Z"}, {"uuid": "04b2a01f-d59e-4357-a2ed-969573e8e0b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24551", "type": "seen", "source": "https://t.me/cibsecurity/27696", "content": "\u203c CVE-2021-24551 \u203c\n\nThe Edit Comments WordPress plugin through 0.3 does not sanitise, validate or escape the 
jal_edit_comments GET parameter before using it in a SQL statement, leading to a SQL injection issue\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-23T16:23:15.000000Z"}, {"uuid": "1e844cef-ea6e-4033-8457-cdae37f04dda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24556", "type": "seen", "source": "https://t.me/cibsecurity/27692", "content": "\u203c CVE-2021-24556 \u203c\n\nThe kento_email_subscriber_ajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the submitted subscribe_email and subscribe_name POST parameters, inserting them in the DB and then outputting them back in the Subscriber list (/wp-admin/edit.php?post_type=kes_campaign&page=kento_email_subscriber_list_settings), leading to a Stored XSS issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-23T16:23:10.000000Z"}, {"uuid": "e8cd875b-ca1c-43be-a01a-16030af07e4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24555", "type": "seen", "source": "https://t.me/cibsecurity/27691", "content": "\u203c CVE-2021-24555 \u203c\n\nThe daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes the id POST parameter which is passed into the SQL statement without proper sanitisation, validation or escaping, leading to a SQL Injection issue. 
Furthermore, the ajax action is lacking any CSRF and capability check, making it available to any authenticated user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-23T16:23:09.000000Z"}, {"uuid": "6b2fa671-6aa8-426e-be01-0daa60778afa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24554", "type": "seen", "source": "https://t.me/cibsecurity/27690", "content": "\u203c CVE-2021-24554 \u203c\n\nThe Paytm \u2013 Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection issue\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-23T16:23:08.000000Z"}, {"uuid": "9435a39c-7cf3-4230-aa0b-88ff56c98dee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24550", "type": "seen", "source": "https://t.me/cibsecurity/27681", "content": "\u203c CVE-2021-24550 \u203c\n\nThe Broken Link Manager WordPress plugin through 0.6.5 does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving an URL to edit, leading to an authenticated SQL injection issue\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-23T16:22:54.000000Z"}]}