CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24864

The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the post_id parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 65.3%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://plugins.trac.wordpress.org/changeset/2615400
https://wpscan.com/vulnerability/e3b9ee9f-602d-4e9d-810c-e1e3ba604464
https://plugins.trac.wordpress.org/changeset/2615400
https://wpscan.com/vulnerability/e3b9ee9f-602d-4e9d-810c-e1e3ba604464

Products affected by CVE-2021-24864

Wpscan » Wp Cloudy » Version: Any

cpe:2.3:a:wpscan:wp_cloudy:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24864

Products

Pricing

Contact Us