| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Modified | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 197401 | 7.2 | HIGH | Network | metagauss | registrationmagic | The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could l… | - | CVE-2021-24862 | 2024-11-21 14:53 | 2022-01-11 |
| 197402 | 7.5 | HIGH | Network | stars_rating_project | stars_rating | The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the comments section, or pending comment das… | CWE-20 Improper Input Validation | CVE-2021-24893 | 2024-11-21 14:53 | 2022-01-03 |
| 197403 | 7.5 | HIGH | Network | rich-web | tab | All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such … | CWE-425 Direct Request ('Forced Browsing') | CVE-2021-24831 | 2024-11-21 14:53 | 2022-01-03 |
| 197404 | 5.4 | MEDIUM | Network | mlcalc | mortgage_calculator/loan_calculator | The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role… | CWE-79 Cross-site Scripting | CVE-2021-24828 | 2024-11-21 14:53 | 2022-01-03 |
| 197405 | 7.2 | HIGH | Network | wpchill | download_monitor | The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Inject… | CWE-89 SQL Injection | CVE-2021-24786 | 2024-11-21 14:53 | 2022-01-03 |
| 197406 | 5.4 | MEDIUM | Network | wptravelengine | wp_travel_engine | The WP Travel Engine WordPress plugin before 5.3.1 does not escape the Description field in the Trip Destination/Activities/Trip Type and Pricing Category pages, allowing users with a role as low as … | CWE-79 Cross-site Scripting | CVE-2021-24680 | 2024-11-21 14:53 | 2022-01-03 |
| 197407 | 4.8 | MEDIUM | Network | typebot | typebot | The Typebot \| Build beautiful conversational forms WordPress plugin before 1.4.3 does not sanitise and escape the Publish ID setting, which could allow high privilege users to perform Cross-Site Scri… | - | CVE-2021-24902 | 2024-11-21 14:53 | 2021-12-27 |
| 197408 | 6.1 | MEDIUM | Network | tickera | tickera | The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthentica… | - | CVE-2021-24797 | 2024-11-21 14:53 | 2021-12-27 |
| 197409 | 7.2 | HIGH | Network | starfish | rich_review | The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authentic… | CWE-89 SQL Injection | CVE-2021-24753 | 2024-11-21 14:53 | 2021-12-27 |
| 197410 | 6.1 | MEDIUM | Network | wpeverest | everest_forms | The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Script… | CWE-79 Cross-site Scripting | CVE-2021-24907 | 2024-11-21 14:53 | 2021-12-21 |