| 197741 | 5.4 | MEDIUM Network | wp_map_block_project | wp_map_block | The WP Map Block WordPress plugin before 1.2.3 does not escape some attributes of the WP Map Block, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting at… | - | CVE-2021-24643 | 2024-11-21 14:53 | 2021-09-28 |
| 197742 | 5.4 | MEDIUM Network | wpzoom | recipe_card_blocks_for_gutenberg_\&_elementor | The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does not properly sanitise or escape some of the properties of the Recipe Card Block (such as ingredientsLayout, iconSet, steps, ingredi… | - | CVE-2021-24634 | 2024-11-21 14:53 | 2021-09-28 |
| 197743 | 4.3 | MEDIUM Network | wpdeveloper | countdown_block | The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents d… | - | CVE-2021-24633 | 2024-11-21 14:53 | 2021-09-28 |
| 197744 | 6.1 | MEDIUM Network | wpzoom | recipe_card_blocks_for_gutenberg_\&_elementor | The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue | - | CVE-2021-24632 | 2024-11-21 14:53 | 2021-09-28 |
| 197745 | 4.8 | MEDIUM Network | cozmoslabs | translatepress | The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still all… | - | CVE-2021-24610 | 2024-11-21 14:53 | 2021-09-28 |
| 197746 | 4.8 | MEDIUM Network | hu-manity | cookie_notice_\&_compliance_for_gdpr_\/_ccpa | The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.1.2 does not escape the value of its Button Text setting when outputting it in an attribute in the frontend, allowing high pri… | - | CVE-2021-24569 | 2024-11-21 14:53 | 2021-09-28 |
| 197747 | 9.8 | CRITICAL Network | schiocco | support_board_-_chat_and_help_desk | The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before… | - | CVE-2021-24741 | 2024-11-21 14:53 | 2021-09-20 |
| 197748 | 7.2 | HIGH Network | simple_schools_staff_directory_project | simple_schools_staff_directory | The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that they are indeed images, allowing high privilege users such as admin to upload arbitr… | - | CVE-2021-24663 | 2024-11-21 14:53 | 2021-09-20 |
| 197749 | 6.1 | MEDIUM Network | limit_login_attempts_project | limit_login_attempts | The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses (which can be controlled by attacker via headers such as X-Forwarded-For) of attempted logins before outputtin… | - | CVE-2021-24657 | 2024-11-21 14:53 | 2021-09-20 |
| 197750 | 5.4 | MEDIUM Network | gutenslider | gutenslider | The WordPress Slider Block Gutenslider plugin before 5.2.0 does not escape the minWidth attribute of a Gutenberg block, which could allow users with a role as low as contributor to perform Cross-Site… | - | CVE-2021-24640 | 2024-11-21 14:53 | 2021-09-20 |