|
195731
|
4.8 |
MEDIUM
Network
|
qwizcards_project
|
qwizcards
|
The Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting at…
|
-
|
CVE-2021-24706
|
2024-11-21 14:53 |
2021-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195732
|
4.8 |
MEDIUM
Network
|
quiz_tool_lite_project
|
quiz_tool_lite
|
The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perfor…
|
-
|
CVE-2021-24701
|
2024-11-21 14:53 |
2021-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195733
|
4.3 |
MEDIUM
Network
|
tipsandtricks-hq
|
simple_download_monitor
|
The Simple Download Monitor WordPress plugin before 3.9.6 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the dow…
|
NVD-CWE-noinfo
|
CVE-2021-24698
|
2024-11-21 14:53 |
2021-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195734
|
6.1 |
MEDIUM
Network
|
tipsandtricks-hq
|
simple_download_monitor
|
The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the 1) sdm_active_tab GET parameter and 2) sdm_stats_start_date/sdm_stats_end_date POST parameters before outputting them bac…
|
-
|
CVE-2021-24697
|
2024-11-21 14:53 |
2021-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195735
|
7.5 |
HIGH
Network
|
tipsandtricks-hq
|
simple_download_monitor
|
The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to down…
|
-
|
CVE-2021-24695
|
2024-11-21 14:53 |
2021-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195736
|
6.5 |
MEDIUM
Network
|
genie_wp_favicon_project
|
genie_wp_favicon
|
The Genie WP Favicon WordPress plugin through 0.5.2 does not have CSRF in place when updating the favicon, which could allow attackers to make a logged in admin change it via a CSRF attack
|
CWE-352
Origin Validation Error
|
CVE-2021-24674
|
2024-11-21 14:53 |
2021-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195737
|
8.8 |
HIGH
Network
|
feataholic
|
maz_loader
|
The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor t…
|
-
|
CVE-2021-24669
|
2024-11-21 14:53 |
2021-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195738
|
9.0 |
CRITICAL
Network
|
tipsandtricks-hq
|
simple_download_monitor
|
The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor …
|
-
|
CVE-2021-24693
|
2024-11-21 14:53 |
2021-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195739
|
4.8 |
MEDIUM
Network
|
igexsolutions
|
wpschoolpress
|
The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Sto…
|
-
|
CVE-2021-24664
|
2024-11-21 14:53 |
2021-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195740
|
8.1 |
HIGH
Network
|
genetechsolutions
|
pie_register
|
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing…
|
-
|
CVE-2021-24647
|
2024-11-21 14:53 |
2021-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
