CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24346

The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.8%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://codevigilant.com/disclosure/2021/wp-plugin-stock-in/
https://wpscan.com/vulnerability/c25146fd-4143-463c-8c85-05dd33e9a77b
https://codevigilant.com/disclosure/2021/wp-plugin-stock-in/
https://wpscan.com/vulnerability/c25146fd-4143-463c-8c85-05dd33e9a77b

Products affected by CVE-2021-24346

Stock In & Out Project » Stock In & Out » Version: N/A

cpe:2.3:a:stock_in_&_out_project:stock_in_&_out:-
Stock In & Out Project » Stock In & Out » Version: 1.0.4

cpe:2.3:a:stock_in_&_out_project:stock_in_&_out:1.0.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24346

Products

Pricing

Contact Us