|
197751
|
8.1 |
HIGH
Network
|
ffw
|
omgf
|
The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated user to delete arbitrary…
|
-
|
CVE-2021-24639
|
2024-11-21 14:53 |
2021-09-20 |
|
197752
|
9.1 |
CRITICAL
Network
|
ffw
|
omgf
|
The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file …
|
-
|
CVE-2021-24638
|
2024-11-21 14:53 |
2021-09-20 |
|
197753
|
5.4 |
MEDIUM
Network
|
fontsplugin
|
fonts
|
The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitise some of its block settings, allowing users with a role as low as Contributor to perform Stored Cross-Site Scrip…
|
-
|
CVE-2021-24637
|
2024-11-21 14:53 |
2021-09-20 |
|
197754
|
8.1 |
HIGH
Network
|
print_my_blog_project
|
print_my_blog
|
The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged-in administrators deactivate the Print My Blog plugin and delete all saved …
|
-
|
CVE-2021-24636
|
2024-11-21 14:53 |
2021-09-20 |
|
197755
|
5.4 |
MEDIUM
Network
|
bootstrapped
|
visual_link_preview
|
The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated u…
|
CWE-862
Missing Authorization
|
CVE-2021-24635
|
2024-11-21 14:53 |
2021-09-20 |
|
197756
|
5.4 |
MEDIUM
Network
|
wbolt
|
donate_with_qrcode
|
The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which results in a Stored Cross-Site Scripting (XSS). Furthermore, the plugin also does not…
|
-
|
CVE-2021-24618
|
2024-11-21 14:53 |
2021-09-20 |
|
197757
|
4.8 |
MEDIUM
Network
|
dfactory
|
post_views_counter
|
The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the f…
|
-
|
CVE-2021-24613
|
2024-11-21 14:53 |
2021-09-20 |
|
197758
|
4.8 |
MEDIUM
Network
|
wp_mapa_politico_espana_project
|
wp_mapa_politico_espana
|
The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Sc…
|
-
|
CVE-2021-24609
|
2024-11-21 14:53 |
2021-09-20 |
|
197759
|
8.8 |
HIGH
Network
|
offshorewebmaster
|
availability_calendar
|
The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be ex…
|
-
|
CVE-2021-24606
|
2024-11-21 14:53 |
2021-09-20 |
|
197760
|
4.8 |
MEDIUM
Network
|
offshorewebmaster
|
availability_calendar
|
The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embedded, allowing high privi…
|
-
|
CVE-2021-24604
|
2024-11-21 14:53 |
2021-09-20 |