|
197911
|
4.3 |
MEDIUM
Network
|
wpdeveloper
|
simple_301_redirects
|
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and sim…
|
-
|
CVE-2021-24355
|
2024-11-21 14:52 |
2021-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197912
|
8.8 |
HIGH
Network
|
wpdeveloper
|
simple_301_redirects
|
A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to insta…
|
-
|
CVE-2021-24354
|
2024-11-21 14:52 |
2021-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197913
|
8.8 |
HIGH
Network
|
wpdeveloper
|
simple_301_redirects
|
The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of sit…
|
-
|
CVE-2021-24353
|
2024-11-21 14:52 |
2021-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197914
|
8.8 |
HIGH
Network
|
wpdeveloper
|
simple_301_redirects
|
The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to export a site's red…
|
-
|
CVE-2021-24352
|
2024-11-21 14:52 |
2021-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197915
|
6.1 |
MEDIUM
Network
|
posimyth
|
the_plus_addons_for_elementor
|
The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scriptin…
|
-
|
CVE-2021-24351
|
2024-11-21 14:52 |
2021-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197916
|
6.1 |
MEDIUM
Network
|
bestwebsoft
|
visitors_online
|
The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user's user agent string without validation o…
|
-
|
CVE-2021-24350
|
2024-11-21 14:52 |
2021-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197917
|
6.1 |
MEDIUM
Network
|
gallery_from_files_project
|
gallery_from_files
|
This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when…
|
-
|
CVE-2021-24349
|
2024-11-21 14:52 |
2021-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197918
|
5.3 |
MEDIUM
Network
|
posimyth
|
the_plus_addons_for_elementor
|
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbit…
|
CWE-287
Improper Authentication
|
CVE-2021-24359
|
2024-11-21 14:52 |
2021-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197919
|
7.2 |
HIGH
Network
|
wow-estore
|
side_menu
|
The menu delete functionality of the Side Menu – add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users takes the did GET parameter and uses it into an SQL statement w…
|
-
|
CVE-2021-24348
|
2024-11-21 14:52 |
2021-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197920
|
8.8 |
HIGH
Network
|
smartypantsplugins
|
sp_project_\&_document_manager
|
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server f…
|
-
|
CVE-2021-24347
|
2024-11-21 14:52 |
2021-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
