|
195091
|
5.3 |
MEDIUM
Network
|
b4after
|
osmapper
|
The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv prefix, making it available to unauthent…
|
CWE-352 CWE-862
Origin Validation Error Missing Authorization
|
CVE-2021-24978
|
2024-11-21 14:54 |
2022-03-29 |
|
195092
|
8.8 |
HIGH
Network
|
iptanus
|
wordpress_file_upload_pro wordpress_file_upload
|
The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to uplo…
|
CWE-22
Path Traversal
|
CVE-2021-24962
|
2024-11-21 14:54 |
2022-03-29 |
|
195093
|
6.8 |
MEDIUM
Network
|
isc fedoraproject netapp siemens juniper
|
bind fedora h300s_firmware h500s_firmware h700s_firmware h300e_firmware h500e_firmware h700e_firmware h410s_firmware h410c_firmware sinec_ins junos
|
BIND 9.11.0 -> 9.11.36, 9.12.0 -> 9.16.26, 9.17.0 -> 9.18.0; BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1, 9.16.8-S1 -> 9.16.26-S1. Versions of BIND 9 earlier than those shown - back to 9.1.0,…
|
CWE-444
HTTP Request Smuggling
|
CVE-2021-25220
|
2024-11-21 14:54 |
2022-03-23 |
|
195094
|
6.1 |
MEDIUM
Network
|
squirrly
|
seo_plugin_by_squirrly_seo
|
The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripti…
|
-
|
CVE-2021-25019
|
2024-11-21 14:54 |
2022-03-22 |
|
195095
|
5.5 |
MEDIUM
Network
|
patreon
|
patreon_wordpress
|
The Patreon WordPress plugin before 1.8.2 does not sanitise and escape the field "Custom Patreon Page name", which could allow high privilege users to perform Cross-Site Scripting attacks even when t…
|
-
|
CVE-2021-25026
|
2024-11-21 14:54 |
2022-03-15 |
|
195096
|
9.8 |
CRITICAL
Network
|
molie_instructure_canvas_linking_tool_project
|
molie_instructure_canvas_linking_tool
|
The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using in a SQL statement, leading to an SQL Injection
|
-
|
CVE-2021-25007
|
2024-11-21 14:54 |
2022-03-15 |
|
195097
|
6.1 |
MEDIUM
Network
|
molie_instructure_canvas_linking_tool_project
|
molie_instructure_canvas_linking_tool
|
The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
|
-
|
CVE-2021-25006
|
2024-11-21 14:54 |
2022-03-15 |
|
195098
|
9.8 |
CRITICAL
Network
|
wptaskforce
|
wpcargo_track_\&_trace
|
The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-25003
|
2024-11-21 14:54 |
2022-03-15 |
|
195099
|
6.1 |
MEDIUM
Network
|
wki
|
idpay_for_contact_form_7
|
The IDPay for Contact Form 7 WordPress plugin through 2.1.2 does not sanitise and escape the idpay_error parameter before outputting it back in the page leading to a Reflected Cross-Site Scripting
|
-
|
CVE-2021-24996
|
2024-11-21 14:54 |
2022-03-15 |
|
195100
|
4.8 |
MEDIUM
Network
|
html5_responsive_faq_project
|
html5_responsive_faq
|
The HTML5 Responsive FAQ WordPress plugin through 2.8.5 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks ev…
|
-
|
CVE-2021-24995
|
2024-11-21 14:54 |
2022-03-15 |
|