|
196271
|
7.2 |
HIGH
Network
|
sigmaplugin
|
advanced_database_cleaner
|
Unvalidated input in the Advanced Database Cleaner plugin, versions before 3.0.2, leads to SQL injection allowing high privilege users (admin+) to perform SQL attacks.
|
CWE-89
SQL Injection
|
CVE-2021-24141
|
2024-11-21 14:52 |
2021-03-19 |
|
196272
|
7.2 |
HIGH
Network
|
connekthq
|
ajax_load_more
|
Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, leads to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test.
|
CWE-89
SQL Injection
|
CVE-2021-24140
|
2024-11-21 14:52 |
2021-03-19 |
|
196273
|
9.8 |
CRITICAL
Network
|
10web
|
photo_gallery
|
Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.
|
CWE-89
SQL Injection
|
CVE-2021-24139
|
2024-11-21 14:52 |
2021-03-19 |
|
196274
|
5.5 |
MEDIUM
Network
|
ajdg
|
adrotate
|
Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged user.
|
CWE-89
SQL Injection
|
CVE-2021-24138
|
2024-11-21 14:52 |
2021-03-19 |
|
196275
|
8.8 |
HIGH
Network
|
adenion
|
blog2social
|
Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, leads to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.
|
CWE-89
SQL Injection
|
CVE-2021-24137
|
2024-11-21 14:52 |
2021-03-19 |
|
196276
|
5.4 |
MEDIUM
Network
|
axelerant
|
testimonials_widget
|
Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to i…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24136
|
2024-11-21 14:52 |
2021-03-19 |
|
196277
|
6.1 |
MEDIUM
Network
|
gowebsolutions
|
wp_customer_reviews
|
Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attacker…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24135
|
2024-11-21 14:52 |
2021-03-19 |
|
196278
|
4.8 |
MEDIUM
Network
|
constantcontact
|
constant_contact_forms
|
Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed high-p…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24134
|
2024-11-21 14:52 |
2021-03-19 |
|
196279
|
4.3 |
MEDIUM
Network
|
activecampaign
|
activecampaign
|
Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow an attacker to make a logged-in administrator change API Credentials to attacke…
|
CWE-352
Origin Validation Error
|
CVE-2021-24133
|
2024-11-21 14:52 |
2021-03-19 |
|
196280
|
8.8 |
HIGH
Network
|
10web
|
slider
|
The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin)…
|
CWE-89
SQL Injection
|
CVE-2021-24132
|
2024-11-21 14:52 |
2021-03-19 |