CVE-2021-24346

CVE-2021-24346: Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting (XSS)

Vendor Unknown
Product Stock in & out
Weakness CWE-79 · XSS
Published June 14, 2021
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue

Key dates

02Disclosure timeline

June 14, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-50437 WordPress GeoDirectory plugin <= 2.3.80 - Cross Site Scripting (XSS) vulnerability CVE-2026-28122 WordPress ListingPro plugin <= 2.9.8 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-47639 WordPress VdoCipher plugin <= 1.29 - Cross Site Scripting (XSS) vulnerability CVE-2023-25466 WordPress Who Hit The Page – Hit Counter Plugin <= 1.4.14.3 is vulnerable to Cross Site Scripting (XSS) CVE-2023-22857 Stored cross-site scripting in BlogEngine.NET version 3.3.8.0