Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for fitness calculators by Unknown

    CVE-2021-24272 (GCVE-0-2021-24272)

    Vulnerability from nvd – Published: 2021-05-05 18:28 – Updated: 2024-08-03 19:28
    VLAI
    Title
    Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)
    Summary
    The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown fitness calculators Affected: 1.9.6 , < 1.9.6 (custom)
    Create a notification for this product.
    Credits
    0xB9
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:28:22.755Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/164261/WordPress-Fitness-Calculators-1.9.5-Cross-Site-Request-Forgery.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fitness calculators",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.9.6",
                  "status": "affected",
                  "version": "1.9.6",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "0xB9"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-23T16:06:16.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/164261/WordPress-Fitness-Calculators-1.9.5-Cross-Site-Request-Forgery.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Fitness Calculators \u003c 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24272",
              "STATE": "PUBLIC",
              "TITLE": "Fitness Calculators \u003c 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "fitness calculators",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.9.6",
                                "version_value": "1.9.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "0xB9"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f",
                  "refsource": "CONFIRM",
                  "url": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f"
                },
                {
                  "name": "http://packetstormsecurity.com/files/164261/WordPress-Fitness-Calculators-1.9.5-Cross-Site-Request-Forgery.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/164261/WordPress-Fitness-Calculators-1.9.5-Cross-Site-Request-Forgery.html"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24272",
        "datePublished": "2021-05-05T18:28:47.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:28:22.755Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24272 (GCVE-0-2021-24272)

    Vulnerability from cvelistv5 – Published: 2021-05-05 18:28 – Updated: 2024-08-03 19:28
    VLAI
    Title
    Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)
    Summary
    The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown fitness calculators Affected: 1.9.6 , < 1.9.6 (custom)
    Create a notification for this product.
    Credits
    0xB9
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:28:22.755Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/164261/WordPress-Fitness-Calculators-1.9.5-Cross-Site-Request-Forgery.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fitness calculators",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.9.6",
                  "status": "affected",
                  "version": "1.9.6",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "0xB9"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-23T16:06:16.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/164261/WordPress-Fitness-Calculators-1.9.5-Cross-Site-Request-Forgery.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Fitness Calculators \u003c 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24272",
              "STATE": "PUBLIC",
              "TITLE": "Fitness Calculators \u003c 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "fitness calculators",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.9.6",
                                "version_value": "1.9.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "0xB9"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f",
                  "refsource": "CONFIRM",
                  "url": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f"
                },
                {
                  "name": "http://packetstormsecurity.com/files/164261/WordPress-Fitness-Calculators-1.9.5-Cross-Site-Request-Forgery.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/164261/WordPress-Fitness-Calculators-1.9.5-Cross-Site-Request-Forgery.html"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24272",
        "datePublished": "2021-05-05T18:28:47.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:28:22.755Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }