{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T03:13:10.354","vulnerabilities":[{"cve":{"id":"CVE-2021-24245","sourceIdentifier":"contact@wpscan.com","published":"2021-05-06T13:15:11.530","lastModified":"2024-11-21T05:52:40.663","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue."},{"lang":"es","value":"El plugin Stop Spammers WordPress versiones anteriores a 2021.9, no escapó de la entrada del usuario al bloquear peticiones (como hacer coincidir una palabra de spam), emitiéndolo en un atributo después de sanearlo para eliminar etiquetas HTML, lo cual no es suficiente y conlleva a un problema de tipo Cross-Site Scripting Reflejado"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"contact@wpscan.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trumani:stop_spammers:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"2021.9","matchCriteriaId":"58F6E4AB-287C-44C6-BEC1-C46E260BE1DA"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/162623/WordPress-Stop-Spammers-2021.8-Cross-Site-Scripting.html","source":"contact@wpscan.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://wpscan.com/vulnerability/5e7accd6-08dc-4c6e-9d19-73e2d7e97735","source":"contact@wpscan.com","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/162623/WordPress-Stop-Spammers-2021.8-Cross-Site-Scripting.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://wpscan.com/vulnerability/5e7accd6-08dc-4c6e-9d19-73e2d7e97735","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}