{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T20:20:56.925","vulnerabilities":[{"cve":{"id":"CVE-2021-24305","sourceIdentifier":"contact@wpscan.com","published":"2021-05-24T11:15:08.283","lastModified":"2024-11-21T05:52:48.313","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Target First WordPress Plugin v2.0, also previously known as Watcheezy, suffers from a critical unauthenticated stored XSS vulnerability. An attacker could change the licence key value through a POST on any URL with the 'weeWzKey' parameter that will be save as the 'weeID option and is not sanitized."},{"lang":"es","value":"El plugin de WordPress Target First versión v2.0, también se conoce anteriormente como Watcheezy, sufre una vulnerabilidad crítica de tipo XSS almacenado no autenticado. Un atacante podría cambiar el valor de la clave de licencia por medio de un POST en cualquier URL con el parámetro \"weeWzKey\" que se guardará como la opción 'weeID y no es saneado"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"contact@wpscan.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:targetfirst:watcheezy:2.0:*:*:*:*:wordpress:*:*","matchCriteriaId":"074A4273-DCFA-4DBA-8FB8-95B7A7EAAE4C"}]}]}],"references":[{"url":"https://wpscan.com/vulnerability/4d55d1f5-a7b8-4029-942d-7a13e2498f64","source":"contact@wpscan.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.targetfirst.com/","source":"contact@wpscan.com","tags":["Vendor Advisory"]},{"url":"https://wpscan.com/vulnerability/4d55d1f5-a7b8-4029-942d-7a13e2498f64","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.targetfirst.com/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}