| 196201 | 6.1 | MEDIUM | Network | kiboit | phastpress | There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. Ther… | CWE-601 Open Redirect | CVE-2021-24210 | 2024-11-21 14:52 | 2021-04-6 |
| 196202 | 7.2 | HIGH | Network | automattic | wp_super_cache | The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Se… | CWE-94 Code Injection | CVE-2021-24209 | 2024-11-21 14:52 | 2021-04-6 |
| 196203 | 5.4 | MEDIUM | Network | themeum | wp_page_builder | The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTM… | CWE-79 Cross-site Scripting | CVE-2021-24208 | 2024-11-21 14:52 | 2021-04-6 |
| 196204 | 4.3 | MEDIUM | Network | themeum | wp_page_builder | By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing … | CWE-269 Improper Privilege Management | CVE-2021-24207 | 2024-11-21 14:52 | 2021-04-6 |
| 196205 | 5.4 | MEDIUM | Network | cm-wp | social_slider_widget | The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly ech… | CWE-79 Cross-site Scripting | CVE-2021-24196 | 2024-11-21 14:52 | 2021-04-6 |
| 196206 | 5.4 | MEDIUM | Network | clogica | seo_redirection | The setting page of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before … | - | CVE-2021-24187 | 2024-11-21 14:52 | 2021-04-6 |
| 196207 | 6.5 | MEDIUM | Network | themeum | tutor_lms | The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection th… | CWE-89 SQL Injection | CVE-2021-24186 | 2024-11-21 14:52 | 2021-04-6 |
| 196208 | 5.4 | MEDIUM | Network | elementor | website_builder | In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set … | CWE-79 Cross-site Scripting | CVE-2021-24206 | 2024-11-21 14:52 | 2021-04-6 |
| 196209 | 5.4 | MEDIUM | Network | elementor | website_builder | In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of… | CWE-79 Cross-site Scripting | CVE-2021-24205 | 2024-11-21 14:52 | 2021-04-6 |
| 196210 | 5.4 | MEDIUM | Network | elementor | website_builder | In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed … | CWE-79 Cross-site Scripting | CVE-2021-24204 | 2024-11-21 14:52 | 2021-04-6 |