|
195981
|
9.8 |
CRITICAL
Network
|
strangerstudios
|
paid_memberships_pro
|
The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a…
|
CWE-89
SQL Injection
|
CVE-2021-25114
|
2024-11-21 14:54 |
2022-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195982
|
7.1 |
HIGH
Network
|
ip2location
|
country_blocker
|
The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged in admin block a…
|
CWE-352
Origin Validation Error
|
CVE-2021-25108
|
2024-11-21 14:54 |
2022-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195983
|
5.4 |
MEDIUM
Network
|
wpeka
|
wplegalpages
|
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages WordPress plugin before 2.7.1 does not check for authorisation and has a flawed CSRF logic when saving its s…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25106
|
2024-11-21 14:54 |
2022-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195984
|
4.8 |
MEDIUM
Network
|
ivorysearch
|
ivory_search
|
The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html …
|
CWE-79
Cross-site Scripting
|
CVE-2021-25105
|
2024-11-21 14:54 |
2022-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195985
|
4.7 |
MEDIUM
Network
|
gtranslate
|
translate_wordpress_with_gtranslate
|
The Translate WordPress with GTranslate WordPress plugin before 2.9.7 does not sanitise and escape the body parameter in the url_addon/gtranslate-email.php file before outputting it back in the page,…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25103
|
2024-11-21 14:54 |
2022-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195986
|
6.5 |
MEDIUM
Network
|
ip2location
|
country_blocker
|
The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2021-25096
|
2024-11-21 14:54 |
2022-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195987
|
7.1 |
HIGH
Network
|
ip2location
|
country_blocker
|
The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated users,…
|
-
|
CVE-2021-25095
|
2024-11-21 14:54 |
2022-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195988
|
4.3 |
MEDIUM
Network
|
bracketspace
|
advanced_cron_manager
|
The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced Cron Manager Pro WordPress plugin before 2.5.3 do not have authorisation checks in some of their AJAX actions, allowing any authen…
|
-
|
CVE-2021-25084
|
2024-11-21 14:54 |
2022-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195989
|
6.1 |
MEDIUM
Network
|
visser
|
store_toolkit_for_woocommerce
|
The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected C…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25077
|
2024-11-21 14:54 |
2022-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195990
|
4.8 |
MEDIUM
Network
|
cluevo
|
learning_management_system
|
The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even whe…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25029
|
2024-11-21 14:54 |
2022-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
