{"vulnerability": "CVE-2021-2460", "sightings": [{"uuid": "0bcb1502-ae83-4721-a3a1-051f62d9029e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24608", "type": "seen", "source": "https://t.me/cibsecurity/31118", "content": "\u203c CVE-2021-24608 \u203c\n\nThe Formidable Form Builder \u2013 Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-25T18:13:42.000000Z"}, {"uuid": "a44e3c62-8735-44a8-ba7a-56c6c5938c9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24609", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/626", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2021\nDescription: PoC for exploiting CVE-2021-32959 : Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06\nURL: https://github.com/AlAIAL90/CVE-2021-24609", "creation_timestamp": "2021-10-01T21:25:22.000000Z"}, {"uuid": "b117fbaf-39b4-428d-98cb-d11a6ef62e2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24606", "type": "seen", "source": "https://t.me/cibsecurity/29092", "content": "\u203c CVE-2021-24606 \u203c\n\nThe Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add 
shortcode to posts/pages, such as contributor+\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-20T14:26:57.000000Z"}, {"uuid": "75da2eb3-6721-4c74-9bb9-5dbfb5426582", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24600", "type": "seen", "source": "https://t.me/cibsecurity/29087", "content": "\u203c CVE-2021-24600 \u203c\n\nThe WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-20T14:26:49.000000Z"}, {"uuid": "fcfb08c4-33cf-4e7a-bc09-84364a514238", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24604", "type": "seen", "source": "https://t.me/cibsecurity/29085", "content": "\u203c CVE-2021-24604 \u203c\n\nThe Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-20T14:26:47.000000Z"}, {"uuid": "a8528ca3-d1c1-4755-aa71-b0c11efe2513", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24603", "type": "seen", "source": "https://t.me/cibsecurity/28275", "content": "\u203c CVE-2021-24603 \u203c\n\nThe Site Reviews WordPress plugin before 5.13.1 does not sanitise some of its Review Details when adding a 
review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-06T14:40:38.000000Z"}, {"uuid": "29ca7c64-17c9-49c7-9efc-acf832853bb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24602", "type": "seen", "source": "https://t.me/cibsecurity/27679", "content": "\u203c CVE-2021-24602 \u203c\n\nThe HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-23T16:22:52.000000Z"}, {"uuid": "7c39c468-88d0-49d4-9b93-344e98323bfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24601", "type": "seen", "source": "https://t.me/cibsecurity/28284", "content": "\u203c CVE-2021-24601 \u203c\n\nThe WPFront Notification Bar WordPress plugin before 2.1.0.08087 does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-06T14:40:51.000000Z"}, {"uuid": "52a493b6-3372-4eb6-aec6-b244e0b00acb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24604", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4427", "content": "#exploit\nCVE-2021-24604 :\nThe Availability Calendar WordPress plugin <1.2.2 does not sanitise or escape its Category Names before outputting them in page/post 
where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed\nhttps://github.com/AlAIAL90/CVE-2021-24604", "creation_timestamp": "2021-10-02T16:33:39.000000Z"}]}