|
196231
|
6.5 |
MEDIUM
Network
|
wpbakery_page_builder_clipboard_project
|
wpbakery_page_builder_clipboard
|
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to …
|
-
|
CVE-2021-24244
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196232
|
5.4 |
MEDIUM
Network
|
wpbakery_page_builder_clipboard_project
|
wpbakery_page_builder_clipboard
|
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscri…
|
-
|
CVE-2021-24243
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196233
|
9.8 |
CRITICAL
Network
|
imagements_project
|
imagements
|
The Imagements WordPress plugin through 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. This allows unauthenticated …
|
-
|
CVE-2021-24236
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196234
|
6.1 |
MEDIUM
Network
|
daggerhartlab
|
openid_connect_generic_client
|
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue d…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24214
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196235
|
8.8 |
HIGH
Network
|
strategy11
|
business_directory_plugin_-_easy_listing_directories
|
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administ…
|
-
|
CVE-2021-24179
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196236
|
8.8 |
HIGH
Network
|
strategy11
|
business_directory_plugin_-_easy_listing_directories
|
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in adminis…
|
-
|
CVE-2021-24178
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196237
|
6.1 |
MEDIUM
Network
|
imagely
|
nextgen_gallery
|
In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is a…
|
-
|
CVE-2021-24293
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196238
|
6.1 |
MEDIUM
Network
|
supsystic
|
contact_form
|
The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting i…
|
-
|
CVE-2021-24276
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196239
|
6.1 |
MEDIUM
Network
|
supsystic
|
popup
|
The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
|
-
|
CVE-2021-24275
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196240
|
6.1 |
MEDIUM
Network
|
supsystic
|
ultimate_maps
|
The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting i…
|
-
|
CVE-2021-24274
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
