Skip to content

Pricing
Knowledge base
Support

Pricing
Knowledge base
Support

> Get Pro <
Pricing
Knowledge base
Support
Account area

> Get Pro <
Pricing
Knowledge base
Support
Account area

Home » Vulnerabilities » Input validation vulnerability in CM Tooltip Glossary 3.9.21

Search

Latest

Passkeys: no need for Limit Login Attempts?

Configuring Really Simple Security with WP-CLI

How to Fix The “Link you followed has Expired” error on WordPress

404 not found errors

Pricing
Knowledge base
Support

Pricing
Knowledge base
Support

Input validation vulnerability in CM Tooltip Glossary 3.9.21

CVE-2021-24678

Severity: medium-risk
Status: Open
Publication: September 6, 2021

The CM Tooltip Glossary plugin for WordPress is not secure and can be used by people with bad intentions to harm users. Versions of the plugin up to 3.9.20 have a weakness that allows people to insert harmful code into websites that will be executed when someone visits the website. This code can be used to do things like steal a person’s information or damage their device. The plugin does not protect users from this type of attack.

Detected in:

CM Popup Plugin for WordPress – Popup Maker fixed vulnerable versions:

CM Tooltip Glossary – Empower your content with clarity and meaning fixed vulnerable versions:

CM Tooltip Glossary – Powerful Glossary Plugin fixed vulnerable versions:

CM Tooltip Glossary open vulnerable versions: >= * < 3.9.21

Open source

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

Incorrect?

Is this information incorrect? Please leave us a message.

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Your Email

Plugins

Really Simple Security
Complianz
SimplyBook.me

© Really Simple Plugins
CoC 70461155
Kalmarweg 14-5
9723 JG, Groningen (NL)

Wordpress Linkedin Github

Get Started

Pricing
Knowledge Base
Support
F.A.Q

Account
Become an Affiliate

About

About Us

Privacy Statement
Cookie Policy
Terms of Use
Coordinated Vulnerability Disclosure

Popular articles

Why WordPress is (in)secure
Always be ahead of vulnerabilities
Harden your website’s security
Login protection as essential security
Protect site visitors with Security Headers
Enable an efficient and performant firewall

Manage Cookie Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}

Manage Cookie Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}