|
196131
|
7.2 |
HIGH
Network
|
wow-estore
|
side_menu
|
The menu delete functionality of the Side Menu – add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users takes the did GET parameter and uses it into an SQL statement w…
|
-
|
CVE-2021-24348
|
2024-11-21 14:52 |
2021-06-14 |
|
|
|
|
196132
|
8.8 |
HIGH
Network
|
smartypantsplugins
|
sp_project_\&_document_manager
|
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server f…
|
-
|
CVE-2021-24347
|
2024-11-21 14:52 |
2021-06-14 |
|
|
|
|
196133
|
5.4 |
MEDIUM
Network
|
stock_in_\&_out_project
|
stock_in_\&_out
|
The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped befor…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24346
|
2024-11-21 14:52 |
2021-06-14 |
|
|
|
|
196134
|
6.6 |
MEDIUM
Network
|
sendit_project
|
sendit
|
The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1, available to Administrator users does not sanitise, validate or escape the id_lista POST parameter before…
|
-
|
CVE-2021-24345
|
2024-11-21 14:52 |
2021-06-14 |
|
|
|
|
196135
|
8.8 |
HIGH
Network
|
xllentech
|
english_islamic_calendar
|
When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the year_number and month_number POST parameters are not sanitised, escaped or validated before being use…
|
-
|
CVE-2021-24341
|
2024-11-21 14:52 |
2021-06-14 |
|
|
|
|
196136
|
9.1 |
CRITICAL
Network
|
whatsapp
|
whatsapp
|
A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite Wh…
|
CWE-22
Path Traversal
|
CVE-2021-24035
|
2024-11-21 14:52 |
2021-06-11 |
|
|
|
|
196137
|
4.8 |
MEDIUM
Network
|
easy_preloader_project
|
easy_preloader
|
The Easy Preloader WordPress plugin through 1.0.0 does not sanitise its setting fields, leading to authenticated (admin+) Stored Cross-Site scripting issues
|
-
|
CVE-2021-24344
|
2024-11-21 14:52 |
2021-06-7 |
|
|
|
|
196138
|
4.8 |
MEDIUM
Network
|
iflychat
|
iflychat
|
The iFlyChat WordPress plugin before 4.7.0 does not sanitise its APP ID setting before outputting it back in the page, leading to an authenticated Stored Cross-Site Scripting issue
|
CWE-79
Cross-site Scripting
|
CVE-2021-24343
|
2024-11-21 14:52 |
2021-06-7 |
|
|
|
|
196139
|
6.1 |
MEDIUM
Network
|
jnews
|
jnews
|
The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scri…
|
-
|
CVE-2021-24342
|
2024-11-21 14:52 |
2021-06-7 |
|
|
|
|
196140
|
7.5 |
HIGH
Network
|
veronalabs
|
wp_statistics
|
The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which…
|
-
|
CVE-2021-24340
|
2024-11-21 14:52 |
2021-06-7 |
|
|
|