cleantalk
Vulnerabilities and Security Researches

Sign-up Sheets, CVE-2021-24440

CVE, Research URL

CVE-2021-24440

Home page URL

Security reports for Sign-up Sheets

Application

Sign-up Sheets

Published on
Jul 13, 2021
Research Description
The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored Cross-Site Scripting issue. The payloads will be triggered when viewing the 'All Sheets' page in the admin dashboard
Affected versions
Min -, max 1.0.14.
Status
vulnerable
Previous vulnerability researches
Sign-up Sheets (CVE-2024-31303) , Jun 07, 2024
Sign-up Sheets (CVE-2021-24441) , Jun 07, 2024
Sign-up Sheets (CVE-2021-24440) , Jun 07, 2024
Sign-up Sheets (CVE-2023-39165) , Jun 07, 2024
Sign-up Sheets (CVE-2025-26996) , Apr 17, 2025
New vulnerability
WordPress Job Board and Recruitment Plugin – JobWP (CVE-2025-2010) , Apr 20, 2025
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025