|
195041
|
6.1 |
MEDIUM
Network
|
expresstech
|
quiz_and_survey_master
|
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading …
|
-
|
CVE-2021-24368
|
2024-11-21 14:52 |
2021-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195042
|
9.8 |
CRITICAL
Network
|
facebook
|
hermes
|
A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScri…
|
CWE-416
Use After Free
|
CVE-2021-24037
|
2024-11-21 14:52 |
2021-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195043
|
5.4 |
MEDIUM
Network
|
nextendweb
|
smart_slider
|
The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, o…
|
-
|
CVE-2021-24382
|
2024-11-21 14:52 |
2021-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195044
|
6.5 |
MEDIUM
Network
|
kohsei-works
|
yes\/no_chart
|
The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users (contributor+) to perform Blind SQL In…
|
-
|
CVE-2021-24360
|
2024-11-21 14:52 |
2021-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195045
|
6.1 |
MEDIUM
Network
|
posimyth
|
the_plus_addons_for_elementor
|
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Red…
|
-
|
CVE-2021-24358
|
2024-11-21 14:52 |
2021-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195046
|
5.4 |
MEDIUM
Network
|
fooplugins
|
foogallery
|
In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being being output…
|
-
|
CVE-2021-24357
|
2024-11-21 14:52 |
2021-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195047
|
8.8 |
HIGH
Network
|
wpdeveloper
|
simple_301_redirects
|
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made i…
|
-
|
CVE-2021-24356
|
2024-11-21 14:52 |
2021-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195048
|
4.3 |
MEDIUM
Network
|
wpdeveloper
|
simple_301_redirects
|
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and sim…
|
-
|
CVE-2021-24355
|
2024-11-21 14:52 |
2021-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195049
|
8.8 |
HIGH
Network
|
wpdeveloper
|
simple_301_redirects
|
A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to insta…
|
-
|
CVE-2021-24354
|
2024-11-21 14:52 |
2021-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195050
|
8.8 |
HIGH
Network
|
wpdeveloper
|
simple_301_redirects
|
The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of sit…
|
-
|
CVE-2021-24353
|
2024-11-21 14:52 |
2021-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
