|
196291
|
6.1 |
MEDIUM
Network
|
i-plugins
|
whmcs_bridge
|
The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting
|
-
|
CVE-2021-25112
|
2024-11-21 14:54 |
2022-02-28 |
|
196292
|
6.5 |
MEDIUM
Network
|
wpgooglemap
|
wp_google_map
|
The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts …
|
-
|
CVE-2021-25081
|
2024-11-21 14:54 |
2022-02-28 |
|
196293
|
5.4 |
MEDIUM
Network
|
plugins-market
|
wp_visitor_statistics_\(real_time_traffic\)
|
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, o…
|
-
|
CVE-2021-25042
|
2024-11-21 14:54 |
2022-02-28 |
|
196294
|
6.1 |
MEDIUM
Network
|
wp_user_project
|
wp_user
|
The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the [wp_user] shortcode is used, leading to Reflected Cross-Site Scripting issues
|
-
|
CVE-2021-25034
|
2024-11-21 14:54 |
2022-02-28 |
|
196295
|
5.7 |
MEDIUM
Network
|
wpgooglemap
|
wp_google_map
|
The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscri…
|
CWE-352
Origin Validation Error
|
CVE-2021-25011
|
2024-11-21 14:54 |
2022-02-28 |
|
196296
|
9.6 |
CRITICAL
Network
|
postsnippets
|
post_snippets
|
The Post Snippets WordPress plugin before 3.1.4 does not have a CSRF check when importing files, allowing an attacker to make a logged-in admin import arbitrary snippets. Furthermore, imported snippets ar…
|
-
|
CVE-2021-25010
|
2024-11-21 14:54 |
2022-02-28 |
|
196297
|
6.1 |
MEDIUM
Network
|
wpvivid
|
migration\ _backup\ _staging
|
The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well as escape a parameter from such unauthenticated re…
|
-
|
CVE-2021-24994
|
2024-11-21 14:54 |
2022-02-28 |
|
196298
|
6.1 |
MEDIUM
Network
|
use_any_font_project
|
use_any_font
|
The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to send arbitrary CSS which will the…
|
CWE-862
Missing Authorization
|
CVE-2021-24977
|
2024-11-21 14:54 |
2022-02-28 |
|
196299
|
5.4 |
MEDIUM
Network
|
magnigenie
|
wp_responsive_menu
|
The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, and does not sanitise and escape some of the data submitted. A…
|
-
|
CVE-2021-24971
|
2024-11-21 14:54 |
2022-02-28 |
|
196300
|
5.4 |
MEDIUM
Network
|
bootstrapped
|
dynamic_widgets
|
The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the term_tree AJAX action (available to any authenticated…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24933
|
2024-11-21 14:54 |
2022-02-28 |
|