| 194961 | 9.8 | CRITICAL Network | 10web | photo_gallery | Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter. | CWE-89 SQL Injection | CVE-2021-24139 | 2024-11-21 14:52 | 2021-03-19 |
| 194962 | 5.5 | MEDIUM Network | ajdg | adrotate | Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to authenticated SQL injection via the "id" parameter. This requires a user with admin privileges. | CWE-89 SQL Injection | CVE-2021-24138 | 2024-11-21 14:52 | 2021-03-19 |
| 194963 | 8.8 | HIGH Network | adenion | blog2social | Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, leads to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands. | CWE-89 SQL Injection | CVE-2021-24137 | 2024-11-21 14:52 | 2021-03-19 |
| 194964 | 5.4 | MEDIUM Network | axelerant | testimonials_widget | Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to i… | CWE-79 Cross-site Scripting | CVE-2021-24136 | 2024-11-21 14:52 | 2021-03-19 |
| 194965 | 6.1 | MEDIUM Network | gowebsolutions | wp_customer_reviews | Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attacker… | CWE-79 Cross-site Scripting | CVE-2021-24135 | 2024-11-21 14:52 | 2021-03-19 |
| 194966 | 4.8 | MEDIUM Network | constantcontact | constant_contact_forms | Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed high-p… | CWE-79 Cross-site Scripting | CVE-2021-24134 | 2024-11-21 14:52 | 2021-03-19 |
| 194967 | 4.3 | MEDIUM Network | activecampaign | activecampaign | Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow an attacker to make a logged-in administrator change API Credentials to attacke… | CWE-352 Origin Validation Error | CVE-2021-24133 | 2024-11-21 14:52 | 2021-03-19 |
| 194968 | 8.8 | HIGH Network | 10web | slider | In the Slider by 10Web WordPress plugin, versions before 1.2.36, the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin)… | CWE-89 SQL Injection | CVE-2021-24132 | 2024-11-21 14:52 | 2021-03-19 |
| 194969 | 7.2 | HIGH Network | cleantalk | anti-spam | Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, leads to multiple authenticated SQL injection vulnerabilities; however, it requires a high privilege user (admin+… | CWE-89 SQL Injection | CVE-2021-24131 | 2024-11-21 14:52 | 2021-03-19 |
| 194970 | 7.2 | HIGH Network | flippercode | wp_google_map | Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privilege… | CWE-89 SQL Injection | CVE-2021-24130 | 2024-11-21 14:52 | 2021-03-19 |