| 195081 | 9.8 | CRITICAL Network | bold-themes | bello | The Bello - Directory & Listing WordPress theme before 1.6.0 did not sanitise the bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view and b… | - | CVE-2021-24321 | 2024-11-21 14:52 | 2021-06-1 |
| 195082 | 6.1 | MEDIUM Network | bold-themes | bello | The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_di… | - | CVE-2021-24320 | 2024-11-21 14:52 | 2021-06-1 |
| 195083 | 5.4 | MEDIUM Network | bold-themes | bello | The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leadin… | - | CVE-2021-24319 | 2024-11-21 14:52 | 2021-06-1 |
| 195084 | 6.5 | MEDIUM Network | purethemes | listeo | The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated user to delete arbitrary page/post … | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2021-24318 | 2024-11-21 14:52 | 2021-06-1 |
| 195085 | 6.1 | MEDIUM Network | purethemes | listeo | The Listeo WordPress theme before 1.6.11 did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues | - | CVE-2021-24317 | 2024-11-21 14:52 | 2021-06-1 |
| 195086 | 6.1 | MEDIUM Network | wowthemes | mediumish | The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise its 's' GET parameter before outputting it back in the page, leading to a Cross-Site Scripting issue. | - | CVE-2021-24316 | 2024-11-21 14:52 | 2021-06-1 |
| 195087 | 5.4 | MEDIUM Network | goprayer | wp_prayer | The WP Prayer WordPress plugin before 1.6.2 provides the functionality to store requested prayers/praises and list them on a WordPress website. These stored prayer/praise requests can be listed by us… | - | CVE-2021-24313 | 2024-11-21 14:52 | 2021-06-1 |
| 195088 | 7.2 | HIGH Network | automattic | wp_super_cache | The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 resul… | CWE-78 OS Command | CVE-2021-24312 | 2024-11-21 14:52 | 2021-06-1 |
| 195089 | 8.8 | HIGH Network | external_media_project | external_media | The wp_ajax_upload-remote-file AJAX action of the External Media WordPress plugin before 1.0.34 was vulnerable to arbitrary file uploads by any authenticated user. | - | CVE-2021-24311 | 2024-11-21 14:52 | 2021-06-1 |
| 195090 | 4.8 | MEDIUM Network | 10web | photo_gallery | The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in … | - | CVE-2021-24310 | 2024-11-21 14:52 | 2021-06-1 |