|
194961
|
7.5 |
HIGH
Network
|
tipsacarrier_project
|
tipsacarrier
|
The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to re…
|
-
|
CVE-2021-25002
|
2024-11-21 14:54 |
2022-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194962
|
3.9 |
LOW
Physics
|
sophos
|
intercept_x
authenticator
|
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2021-25266
|
2024-11-21 14:54 |
2022-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194963
|
6.1 |
MEDIUM
Network
|
english_wordpress_admin_project
|
english_wordpress_admin
|
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue
|
-
|
CVE-2021-25111
|
2024-11-21 14:54 |
2022-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194964
|
8.1 |
HIGH
Network
|
brandexponents
|
tatsu
|
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By ad…
|
-
|
CVE-2021-25094
|
2024-11-21 14:54 |
2022-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194965
|
8.8 |
HIGH
Network
|
advanced_page_visit_counter_project
|
advanced_page_visit_counter
|
The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenti…
|
-
|
CVE-2021-24957
|
2024-11-21 14:54 |
2022-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194966
|
6.1 |
MEDIUM
Network
|
easysocialfeed
|
easy_social_feed
|
The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 do not sanitise some of their parameters used via AJAX actions before outputting them back in the response, leading to Reflected Cross…
|
-
|
CVE-2021-25120
|
2024-11-21 14:54 |
2022-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194967
|
5.4 |
MEDIUM
Network
|
wpsofts
|
portfolio_gallery\
_product_catalog_-_grid_kit_portfolio
|
The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated users, such a…
|
-
|
CVE-2021-25090
|
2024-11-21 14:54 |
2022-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194968
|
6.1 |
MEDIUM
Network
|
heateor
|
super_socializer
|
The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24987
|
2024-11-21 14:54 |
2022-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194969
|
6.1 |
MEDIUM
Network
|
pickplugins
|
post_grid
|
The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Gr…
|
-
|
CVE-2021-24986
|
2024-11-21 14:54 |
2022-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194970
|
5.4 |
MEDIUM
Network
|
dropdown_menu_widget_project
|
dropdown_menu_widget
|
The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to th…
|
-
|
CVE-2021-25113
|
2024-11-21 14:54 |
2022-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
