
9 matches found

RedhatCVE
added 2025/05/22 9:3 p.m. | 5 views

CVE-2021-24346

The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue...

CVSS 5.4 | AI score 6.3 | EPSS 0.00675
Exploits: 2 | References: 1
OSV
added 2021/08/09 10:15 a.m. | 5 views

CVE-2021-24520

The Stock in & out WordPress plugin through 1.0.4 lacks proper sanitization before passing variables to an SQL request, making it vulnerable to SQL Injection attacks. Users with a role of contributor or higher can exploit this vulnerability...

CVSS 8.8 | AI score 7.3 | EPSS 0.01568
Exploits: 2 | References: 2
CVE
added 2021/08/09 10:4 a.m. | 61 views

CVE-2021-24520

CVE-2021-24520 affects the WordPress plugin Stock in & out (

CVSS 8.8 | AI score 9 | EPSS 0.01568
Exploits: 2 | References: 2 | Affected Software: 1
CNNVD
added 2021/08/09 12:0 a.m. | 2 views

WordPress SQL injection vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress plugin The Stock in & out 1.0.4 and earlier...

CVSS 8.8 | AI score 8.1 | EPSS 0.01568
Exploits: 2 | References: 3
OSV
added 2021/06/14 2:15 p.m. | 1 views

CVE-2021-24346

The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue...

CVSS 5.4 | AI score 6.1 | EPSS 0.00675
Exploits: 2 | References: 2
CNNVD
added 2021/06/14 12:0 a.m. | 6 views

Stock in & out WordPress cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in Stock in & out WordPress that stems from not...

CVSS 5.4 | AI score 5.6 | EPSS 0.00675
Exploits: 2 | References: 2
wpexploit
added 2021/05/27 12:0 a.m. | 110 views

Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting (XSS)

The plugin has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue. POST /wp-admin/admin.php?page=stockin HTTP/1.1 Content-Length: 66...

CVSS 5.4 | AI score 0.7 | EPSS 0.00675
Exploits: 2 | References: 1
WPVulnDB
added 2021/05/27 12:0 a.m. | 14 views

Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting (XSS)

The plugin has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue. PoC: POST /wp-admin/admin.php?page=stockin HTTP/1.1 Content-Length: 66...

CVSS 5.4 | EPSS 0.00675
Exploits: 2 | References: 1 | Affected Software: 1
Patchstack
added 2021/05/27 12:0 a.m. | 14 views

WordPress Stock in & out plugin <= 1.0.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Shreya Pohekar (Codevigilant Project) in WordPress Stock in & out plugin versions <= 1.0.4. Solution: This plugin has been closed as of April 29, 2021 and is not available for download. This closure is temporary, pending a full review...

CVSS 5.4 | AI score 3.1 | EPSS 0.00675
Exploits: 2 | References: 3 | Affected Software: 1