|
196231
|
5.4 |
MEDIUM
Network
|
ninjaforms
|
ninja_forms
|
The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attacker…
|
CWE-352
Origin Validation Error
|
CVE-2021-24166
|
2024-11-21 14:52 |
2021-04-6 |
|
196232
|
6.1 |
MEDIUM
Network
|
ninjaforms
|
ninja_forms
|
In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no pr…
|
CWE-601
Open Redirect
|
CVE-2021-24165
|
2024-11-21 14:52 |
2021-04-6 |
|
196233
|
4.3 |
MEDIUM
Network
|
ninjaforms
|
ninja_forms
|
In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to es…
|
CWE-862
Missing Authorization
|
CVE-2021-24164
|
2024-11-21 14:52 |
2021-04-6 |
|
196234
|
8.8 |
HIGH
Network
|
ninjaforms
|
ninja_forms
|
The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such…
|
CWE-862
Missing Authorization
|
CVE-2021-24163
|
2024-11-21 14:52 |
2021-04-6 |
|
196235
|
8.8 |
HIGH
Network
|
expresstech
|
responsive_menu
|
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to in…
|
CWE-352
Origin Validation Error
|
CVE-2021-24162
|
2024-11-21 14:52 |
2021-04-6 |
|
196236
|
8.8 |
HIGH
Network
|
expresstech
|
responsive_menu
|
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attack…
|
CWE-352
Origin Validation Error
|
CVE-2021-24161
|
2024-11-21 14:52 |
2021-04-6 |
|
196237
|
8.8 |
HIGH
Network
|
expresstech
|
responsive_menu
|
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These f…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-24160
|
2024-11-21 14:52 |
2021-04-6 |
|
196238
|
8.8 |
HIGH
Network
|
rocklobster
|
contact_form_7
|
Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordP…
|
CWE-352
Origin Validation Error
|
CVE-2021-24159
|
2024-11-21 14:52 |
2021-04-6 |
|
196239
|
6.5 |
MEDIUM
Network
|
themeisle
|
orbit_fox
|
Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which…
|
NVD-CWE-Other
|
CVE-2021-24158
|
2024-11-21 14:52 |
2021-04-6 |
|
196240
|
5.4 |
MEDIUM
Network
|
themeisle
|
orbit_fox
|
Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfiltered_html capability prior to saving th…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24157
|
2024-11-21 14:52 |
2021-04-6 |