|
196091
|
6.1 |
MEDIUM
Network
|
acymailing
|
acymailing
|
When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Turning the request from POST to GET, an attacker can craft a link containing a potentially malicious landing pag…
|
-
|
CVE-2021-24288
|
2024-11-21 14:52 |
2021-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196092
|
7.5 |
HIGH
Network
|
cleantalk
|
spam_protection\
_antispam\
_firewall
|
It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log func…
|
-
|
CVE-2021-24295
|
2024-11-21 14:52 |
2021-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196093
|
5.4 |
MEDIUM
Network
|
wedevs
|
happy_addons_for_elementor
|
The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scriptin…
|
-
|
CVE-2021-24292
|
2024-11-21 14:52 |
2021-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196094
|
6.1 |
MEDIUM
Network
|
10web
|
photo_gallery
|
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET p…
|
-
|
CVE-2021-24291
|
2024-11-21 14:52 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196095
|
6.1 |
MEDIUM
Network
|
mooveagency
|
select_all_categories_and_taxonomies\
_change_checkbox_to_radio_buttons
|
The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, le…
|
-
|
CVE-2021-24287
|
2024-11-21 14:52 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196096
|
6.1 |
MEDIUM
Network
|
mooveagency
|
redirect_404_to_parent
|
The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
|
-
|
CVE-2021-24286
|
2024-11-21 14:52 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196097
|
9.8 |
CRITICAL
Network
|
cars-seller-auto-classifieds-script_project
|
cars-seller-auto-classifieds-script
|
The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate o…
|
-
|
CVE-2021-24285
|
2024-11-21 14:52 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196098
|
9.8 |
CRITICAL
Network
|
kaswara_project
|
kaswara
|
The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/up…
|
-
|
CVE-2021-24284
|
2024-11-21 14:52 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196099
|
5.4 |
MEDIUM
Network
|
pickplugins
|
accordion
|
The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue.
|
-
|
CVE-2021-24283
|
2024-11-21 14:52 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196100
|
6.3 |
MEDIUM
Network
|
querysol
|
redirection_for_contact_form_7
|
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the various AJAX actions in the plugin to do a variety of things. For exam…
|
-
|
CVE-2021-24282
|
2024-11-21 14:52 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
