| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 200441 | 8.1 | HIGH | Network | imagestowebp_project | images_to_webp | The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service… | - | CVE-2021-24641 | 2024-11-21 14:53 | 2021-11-24 |
| 200442 | 4.8 | MEDIUM | Network | tammersoft | shared_files | The Shared Files WordPress plugin before 1.6.61 does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even wh… | - | CVE-2021-24856 | 2024-11-21 14:53 | 2021-11-17 |
| 200443 | 5.4 | MEDIUM | Network | qr_redirector_project | qr_redirector | The QR Redirector WordPress plugin before 1.6.1 does not sanitise and escape some of the QR Redirect fields, which could allow users with a role as low as Contributor perform Stored Cross-Site Script… | - | CVE-2021-24854 | 2024-11-21 14:53 | 2021-11-17 |
| 200444 | 4.3 | MEDIUM | Network | qr_redirector_project | qr_redirector | The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated us… | CWE-352 Origin Validation Error | CVE-2021-24853 | 2024-11-21 14:53 | 2021-11-17 |
| 200445 | 6.5 | MEDIUM | Network | mousewheel_smooth_scroll_project | mousewheel_smooth_scroll | The MouseWheel Smooth Scroll WordPress plugin before 5.7 does not have CSRF check in place on its settings page, which could allow attackers to make a logged in admin change them via a CSRF attack | - | CVE-2021-24852 | 2024-11-21 14:53 | 2021-11-17 |
| 200446 | 4.3 | MEDIUM | Network | insert_pages_project | insert_pages | The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (ie priva… | CWE-862 Missing Authorization | CVE-2021-24851 | 2024-11-21 14:53 | 2021-11-17 |
| 200447 | 5.4 | MEDIUM | Network | insert_pages_project | insert_pages | The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site… | - | CVE-2021-24850 | 2024-11-21 14:53 | 2021-11-17 |
| 200448 | 8.8 | HIGH | Network | wp-buy | seo_redirection-301_redirect_manager | The importFromRedirection AJAX action of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset para… | - | CVE-2021-24847 | 2024-11-21 14:53 | 2021-11-17 |
| 200449 | 4.8 | MEDIUM | Network | helpful_project | helpful | The Helpful WordPress plugin before 4.4.59 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_h… | - | CVE-2021-24841 | 2024-11-21 14:53 | 2021-11-17 |
| 200450 | 5.4 | MEDIUM | Network | yop-poll | yop_poll | The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is all… | - | CVE-2021-24834 | 2024-11-21 14:53 | 2021-11-17 |