<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://db.gcve.eu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Tue, 19 May 2026 20:56:54 +0000</lastBuildDate>
    <item>
      <title>d569101a-94ac-49f1-a623-b2b059d74838</title>
      <link>https://db.gcve.eu/sighting/d569101a-94ac-49f1-a623-b2b059d74838/export</link>
      <description>{"uuid": "d569101a-94ac-49f1-a623-b2b059d74838", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24832", "type": "seen", "source": "https://t.me/cibsecurity/31994", "content": "\u203c CVE-2021-24832 \u203c\n\nThe WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CSRF in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-08T20:29:22.000000Z"}</description>
      <content:encoded>{"uuid": "d569101a-94ac-49f1-a623-b2b059d74838", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24832", "type": "seen", "source": "https://t.me/cibsecurity/31994", "content": "\u203c CVE-2021-24832 \u203c\n\nThe WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CSRF in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-08T20:29:22.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/d569101a-94ac-49f1-a623-b2b059d74838/export</guid>
      <pubDate>Mon, 08 Nov 2021 20:29:22 +0000</pubDate>
    </item>
    <item>
      <title>f6f70554-51e4-422a-9571-2005db83a1ff</title>
      <link>https://db.gcve.eu/sighting/f6f70554-51e4-422a-9571-2005db83a1ff/export</link>
      <description>{"uuid": "f6f70554-51e4-422a-9571-2005db83a1ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24835", "type": "seen", "source": "https://t.me/cibsecurity/31999", "content": "\u203c CVE-2021-24835 \u203c\n\nThe WCFM \u2013 Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawal_vendor parameter before using it in a SQL statement, allowing low privilege users such as Subscribers to perform SQL injection attacks\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-08T20:29:29.000000Z"}</description>
      <content:encoded>{"uuid": "f6f70554-51e4-422a-9571-2005db83a1ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24835", "type": "seen", "source": "https://t.me/cibsecurity/31999", "content": "\u203c CVE-2021-24835 \u203c\n\nThe WCFM \u2013 Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawal_vendor parameter before using it in a SQL statement, allowing low privilege users such as Subscribers to perform SQL injection attacks\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-08T20:29:29.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/f6f70554-51e4-422a-9571-2005db83a1ff/export</guid>
      <pubDate>Mon, 08 Nov 2021 20:29:29 +0000</pubDate>
    </item>
    <item>
      <title>fcacafdd-763e-48c4-b41e-48b460ce03ce</title>
      <link>https://db.gcve.eu/sighting/fcacafdd-763e-48c4-b41e-48b460ce03ce/export</link>
      <description>{"uuid": "fcacafdd-763e-48c4-b41e-48b460ce03ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24830", "type": "seen", "source": "https://t.me/cibsecurity/32878", "content": "\u203c CVE-2021-24830 \u203c\n\nThe Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-23T22:21:07.000000Z"}</description>
      <content:encoded>{"uuid": "fcacafdd-763e-48c4-b41e-48b460ce03ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24830", "type": "seen", "source": "https://t.me/cibsecurity/32878", "content": "\u203c CVE-2021-24830 \u203c\n\nThe Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-23T22:21:07.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/fcacafdd-763e-48c4-b41e-48b460ce03ce/export</guid>
      <pubDate>Tue, 23 Nov 2021 22:21:07 +0000</pubDate>
    </item>
    <item>
      <title>d40ead12-26ec-46c9-bc06-9124522ff5a8</title>
      <link>https://db.gcve.eu/sighting/d40ead12-26ec-46c9-bc06-9124522ff5a8/export</link>
      <description>{"uuid": "d40ead12-26ec-46c9-bc06-9124522ff5a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24836", "type": "seen", "source": "https://t.me/cibsecurity/33832", "content": "\u203c CVE-2021-24836 \u203c\n\nThe Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allows any logged-in users, such as subscribers to update them\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T14:26:05.000000Z"}</description>
      <content:encoded>{"uuid": "d40ead12-26ec-46c9-bc06-9124522ff5a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24836", "type": "seen", "source": "https://t.me/cibsecurity/33832", "content": "\u203c CVE-2021-24836 \u203c\n\nThe Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allows any logged-in users, such as subscribers to update them\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T14:26:05.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/d40ead12-26ec-46c9-bc06-9124522ff5a8/export</guid>
      <pubDate>Mon, 13 Dec 2021 14:26:05 +0000</pubDate>
    </item>
    <item>
      <title>13ddfa8f-205a-4170-9dd0-b3df0e167cbb</title>
      <link>https://db.gcve.eu/sighting/13ddfa8f-205a-4170-9dd0-b3df0e167cbb/export</link>
      <description>{"uuid": "13ddfa8f-205a-4170-9dd0-b3df0e167cbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24831", "type": "seen", "source": "https://t.me/cibsecurity/34856", "content": "\u203c CVE-2021-24831 \u203c\n\nAll AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-03T16:44:07.000000Z"}</description>
      <content:encoded>{"uuid": "13ddfa8f-205a-4170-9dd0-b3df0e167cbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24831", "type": "seen", "source": "https://t.me/cibsecurity/34856", "content": "\u203c CVE-2021-24831 \u203c\n\nAll AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-03T16:44:07.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/13ddfa8f-205a-4170-9dd0-b3df0e167cbb/export</guid>
      <pubDate>Mon, 03 Jan 2022 16:44:07 +0000</pubDate>
    </item>
    <item>
      <title>50c1c119-ef38-49ea-a5e2-d0e052cbffde</title>
      <link>https://db.gcve.eu/sighting/50c1c119-ef38-49ea-a5e2-d0e052cbffde/export</link>
      <description>{"uuid": "50c1c119-ef38-49ea-a5e2-d0e052cbffde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24838", "type": "seen", "source": "https://t.me/cibsecurity/35666", "content": "\u203c CVE-2021-24838 \u203c\n\nThe AnyComment WordPress plugin through 0.2.17 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-17T16:23:16.000000Z"}</description>
      <content:encoded>{"uuid": "50c1c119-ef38-49ea-a5e2-d0e052cbffde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24838", "type": "seen", "source": "https://t.me/cibsecurity/35666", "content": "\u203c CVE-2021-24838 \u203c\n\nThe AnyComment WordPress plugin through 0.2.17 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-17T16:23:16.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/50c1c119-ef38-49ea-a5e2-d0e052cbffde/export</guid>
      <pubDate>Mon, 17 Jan 2022 16:23:16 +0000</pubDate>
    </item>
    <item>
      <title>d1081f37-ad89-4c29-8d90-e2be953440e9</title>
      <link>https://db.gcve.eu/sighting/d1081f37-ad89-4c29-8d90-e2be953440e9/export</link>
      <description>{"uuid": "d1081f37-ad89-4c29-8d90-e2be953440e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24839", "type": "seen", "source": "https://t.me/cibsecurity/36945", "content": "\u203c CVE-2021-24839 \u203c\n\nThe SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CRSF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. Other actions may be affected as well.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-07T18:34:56.000000Z"}</description>
      <content:encoded>{"uuid": "d1081f37-ad89-4c29-8d90-e2be953440e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24839", "type": "seen", "source": "https://t.me/cibsecurity/36945", "content": "\u203c CVE-2021-24839 \u203c\n\nThe SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CRSF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. Other actions may be affected as well.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-07T18:34:56.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/d1081f37-ad89-4c29-8d90-e2be953440e9/export</guid>
      <pubDate>Mon, 07 Feb 2022 18:34:56 +0000</pubDate>
    </item>
    <item>
      <title>44d07fa8-7492-4f39-89fd-8574cf895528</title>
      <link>https://db.gcve.eu/sighting/44d07fa8-7492-4f39-89fd-8574cf895528/export</link>
      <description>{"uuid": "44d07fa8-7492-4f39-89fd-8574cf895528", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24837", "type": "seen", "source": "https://t.me/cibsecurity/56831", "content": "\u203c CVE-2021-24837 \u203c\n\nThe Passster WordPress plugin before 3.5.5.8 does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-23T18:24:57.000000Z"}</description>
      <content:encoded>{"uuid": "44d07fa8-7492-4f39-89fd-8574cf895528", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24837", "type": "seen", "source": "https://t.me/cibsecurity/56831", "content": "\u203c CVE-2021-24837 \u203c\n\nThe Passster WordPress plugin before 3.5.5.8 does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-23T18:24:57.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/44d07fa8-7492-4f39-89fd-8574cf895528/export</guid>
      <pubDate>Mon, 23 Jan 2023 18:24:57 +0000</pubDate>
    </item>
    <item>
      <title>8fb5464b-3aa2-4558-90dd-39baca4bcf5a</title>
      <link>https://db.gcve.eu/sighting/8fb5464b-3aa2-4558-90dd-39baca4bcf5a/export</link>
      <description>{"uuid": "8fb5464b-3aa2-4558-90dd-39baca4bcf5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24838", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24838.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}</description>
      <content:encoded>{"uuid": "8fb5464b-3aa2-4558-90dd-39baca4bcf5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24838", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24838.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/8fb5464b-3aa2-4558-90dd-39baca4bcf5a/export</guid>
      <pubDate>Thu, 27 Apr 2023 09:58:59 +0000</pubDate>
    </item>
  </channel>
</rss>
