CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24631

The Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise or escape the did GET parameter before using it in a SQL statement, available to users as low as editor, leading to an authenticated SQL Injection

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.5%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://codevigilant.com/disclosure/2021/wp-plugin-unlimited-popups/
https://wpscan.com/vulnerability/9841176d-1d37-4636-9144-0ca42b6f3605
https://codevigilant.com/disclosure/2021/wp-plugin-unlimited-popups/
https://wpscan.com/vulnerability/9841176d-1d37-4636-9144-0ca42b6f3605

Products affected by CVE-2021-24631

Unlimited Popups Project » Unlimited Popups » Version: N/A

cpe:2.3:a:unlimited_popups_project:unlimited_popups:-
Unlimited Popups Project » Unlimited Popups » Version: 4.5.3

cpe:2.3:a:unlimited_popups_project:unlimited_popups:4.5.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24631

Products

Pricing

Contact Us