Sanskruti

sanskruti

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

St Daily Tip

st-daily-tip

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-24487 1Sanskruti 1St Daily Tip Jun 17, 2026 Oct 25, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping before outputting it...Show more The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping before outputting it the page. This could allow attacker to make logged in administrators set a malicious payload in it, leading to a Stored Cross-Site Scripting issueShow less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2021-24487

1Sanskruti

1St Daily Tip

Jun 17, 2026

Oct 25, 2021

N/A· v4

8.8 HIGH· v3

6.8 MEDIUM· v2

The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping before outputting it the page. This could allow attacker to make logged in administrators set a malicious payload in it, leading to a Stored Cross-Site Scripting issueShow less