|
194951
|
8.8 |
HIGH
Network
|
webnus
|
modern_events_calendar_lite
|
Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mec[post_id] POST parameter in the mec_fes_form AJAX action when logged in as an au…
|
CWE-89
SQL Injection
|
CVE-2021-24149
|
2024-11-21 14:52 |
2021-03-19 |
|
194952
|
9.8 |
CRITICAL
Network
|
inspireui
|
mstore_api
|
A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cook…
|
CWE-287
Improper Authentication
|
CVE-2021-24148
|
2024-11-21 14:52 |
2021-03-19 |
|
194953
|
5.4 |
MEDIUM
Network
|
webnus
|
modern_events_calendar_lite
|
Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the mic_comment field (Notes on time) when adding/editing a…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24147
|
2024-11-21 14:52 |
2021-03-19 |
|
194954
|
7.5 |
HIGH
Network
|
webnus
|
modern_events_calendar_lite
|
Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to expor…
|
CWE-862
Missing Authorization
|
CVE-2021-24146
|
2024-11-21 14:52 |
2021-03-19 |
|
194955
|
7.2 |
HIGH
Network
|
webnus
|
modern_events_calendar_lite
|
Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using…
|
-
|
CVE-2021-24145
|
2024-11-21 14:52 |
2021-03-19 |
|
194956
|
7.8 |
HIGH
Local
|
ciphercoin
|
contact_form_7_database_addon
|
Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files.
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2021-24144
|
2024-11-21 14:52 |
2021-03-19 |
|
194957
|
8.8 |
HIGH
Network
|
accesspressthemes
|
accesspress_social_icons
|
Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injectio…
|
CWE-89
SQL Injection
|
CVE-2021-24143
|
2024-11-21 14:52 |
2021-03-19 |
|
194958
|
7.2 |
HIGH
Network
|
webfactoryltd
|
301_redirects
|
Unvalidated input in the 301 Redirects - Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its "Redirect From" column when importing a CSV file, allowing high privilege u…
|
CWE-89
SQL Injection
|
CVE-2021-24142
|
2024-11-21 14:52 |
2021-03-19 |
|
194959
|
7.2 |
HIGH
Network
|
sigmaplugin
|
advanced_database_cleaner
|
Unvalidated input in the Advanced Database Cleaner plugin, versions before 3.0.2, led to SQL injection allowing high privilege users (admin+) to perform SQL attacks.
|
CWE-89
SQL Injection
|
CVE-2021-24141
|
2024-11-21 14:52 |
2021-03-19 |
|
194960
|
7.2 |
HIGH
Network
|
connekthq
|
ajax_load_more
|
Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, led to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test.
|
CWE-89
SQL Injection
|
CVE-2021-24140
|
2024-11-21 14:52 |
2021-03-19 |