| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|
| 197771 | 7.2 | HIGH | Network | dpl | product_feed_on_woocommerce | The fetch_product_ajax functionality in the Product Feed on WooCommerce WordPress plugin before 3.3.1.0 uses a `product_id` POST parameter which is not properly sanitised, escaped or validated before… | CVE-2021-24511 | 2024-11-21 14:53 | 2021-09-20 |
| 197772 | 8.8 | HIGH | Network | wp-board_project | wp-board | The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL inje… | CVE-2021-24404 | 2024-11-21 14:53 | 2021-09-20 |
| 197773 | 7.2 | HIGH | Network | wpagecontact_project | wpagecontact | The Orders functionality in the WordPress Page Contact plugin through 1.0 has an order_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL in… | CVE-2021-24403 | 2024-11-21 14:53 | 2021-09-20 |
| 197774 | 7.2 | HIGH | Network | solvercircle | wp_icommerce | The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQ… | CVE-2021-24402 | 2024-11-21 14:53 | 2021-09-20 |
| 197775 | 8.8 | HIGH | Network | cozmoslabs | membership_\&_content_restriction_-_paid_member_subscriptions | The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement… | CVE-2021-24728 | 2024-11-21 14:53 | 2021-09-14 |
| 197776 | 8.8 | HIGH | Network | stopbadbots | block_and_stop_bad_bots | The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections | CVE-2021-24727 | 2024-11-21 14:53 | 2021-09-14 |
| 197777 | 8.8 | HIGH | Network | wpsimplebookingcalendar | wp_simple_booking_calendar | The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to … | CVE-2021-24726 | 2024-11-21 14:53 | 2021-09-14 |
| 197778 | 4.3 | MEDIUM | Network | quantumcloud | comment_link_remove_and_other_comment_tools | The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin delete arbi… | CVE-2021-24725 | 2024-11-21 14:53 | 2021-09-14 |
| 197779 | 5.4 | MEDIUM | Network | motopress | timetable_and_event_schedule | The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks agai… | CVE-2021-24724 | 2024-11-21 14:53 | 2021-09-14 |
| 197780 | 4.8 | MEDIUM | Network | ticket-system | wordpress_advanced_ticket_system | The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does not sanitize or escape form values before saving to the database or when outputting, which allows high… | CVE-2021-24623 | 2024-11-21 14:53 | 2021-09-14 |