
6 matches found

CNVD
added 2021/10/28 12:00 a.m., 18 views

WordPress St-Daily-Tip plugin cross-site request forgery vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. The WordPress St-Daily-Tip plugin has a cross-site request forgery vulnerability in version 4.7 and earlier, which stems from a...

CVSS 8.8, AI score 2.7, EPSS 0.00302
Exploits: 2, References: 1

OSV
added 2021/10/25 2:15 p.m., 4 views

CVE-2021-24487

The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping before outputting it in the page. This could allow an attacker to make logged-in administrators set a...

CVSS 8.8, AI score 7.3, EPSS 0.00302
Exploits: 2, References: 1

NVD
added 2021/10/25 2:15 p.m., 9 views

CVE-2021-24487

The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping before outputting it in the page. This could allow an attacker to make logged-in administrators set a...

CVSS 8.8, EPSS 0.00302
Exploits: 2, References: 1

CVE
added 2021/10/25 1:20 p.m., 41 views

CVE-2021-24487

CVE-2021-24487 concerns the WordPress plugin St-Daily-Tip (versions ≤ 4.7). The vulnerability arises from a lack of CSRF protection and insufficient sanitisation/escaping when saving the setting “Default Text to Display if no tips,” allowing a logged-in attacker to cause a stored Cross-Site Scrip...

CVSS 8.8, AI score 7.9, EPSS 0.00302
Exploits: 2, References: 1, Affected Software: 1

CNNVD
added 2021/10/25 12:00 a.m., 1 views

WordPress plugin St-Daily-Tip cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. The WordPress St-Daily-Tip plugin has a cross-site request forgery vulnerability in version 4.7 and earlier, which stems from a...

CVSS 8.8, AI score 5.5, EPSS 0.00302
Exploits: 2, References: 1

Patchstack
added 2021/09/21 12:00 a.m., 9 views

WordPress St-Daily-Tip plugin <= 4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Akash Rajendra Patil in WordPress St-Daily-Tip plugin versions <= 4.7. Solution: Deactivate and delete. This plugin has been closed as of June 28, 2021 and is not available for download. Reason:...

AI score 2.1, EPSS 0.00302
Exploits: 2, References: 3, Affected Software: 1