VYPR

Stock in & out

by WordPress

CVEs (2)

  • CVE-2021-24520HigAug 9, 2021
    risk 0.57cvss 8.8epss 0.02

    The Stock in & out WordPress plugin through 1.0.4 lacks proper sanitization before passing variables to an SQL request, making it vulnerable to SQL Injection attacks. Users with a role of contributor or higher can exploit this vulnerability.

  • CVE-2021-24346MedJun 14, 2021
    risk 0.35cvss 5.4epss 0.01

    The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue