| 196971 | 6.1 | MEDIUM Network | pickplugins | post_grid | The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Gr… | - | CVE-2021-24986 | 2024-11-21 14:54 | 2022-04-12 |
| 196972 | 5.4 | MEDIUM Network | dropdown_menu_widget_project | dropdown_menu_widget | The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to th… | - | CVE-2021-25113 | 2024-11-21 14:54 | 2022-04-5 |
| 196973 | 5.4 | MEDIUM Network | king-theme | kingcomposer | The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cros… | - | CVE-2021-25048 | 2024-11-21 14:54 | 2022-04-5 |
| 196974 | 6.1 | MEDIUM Network | inpsyde | akismet_privacy_policies | The WordPress plugin through 2.0.1 does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | - | CVE-2021-25071 | 2024-11-21 14:54 | 2022-03-29 |
| 196975 | 9.8 | CRITICAL Network | stopbadbots | block_and_stop_bad_bots | The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue | - | CVE-2021-25070 | 2024-11-21 14:54 | 2022-03-29 |
| 196976 | 7.2 | HIGH Network | dpl | sync_woocommerce_product_feed_to_google_shopping | The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the 'feed_id' POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL inje… | - | CVE-2021-25068 | 2024-11-21 14:54 | 2022-03-29 |
| 196977 | 7.2 | HIGH Network | wow-company | wow_countdowns | The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection. | - | CVE-2021-25064 | 2024-11-21 14:54 | 2022-03-29 |
| 196978 | 6.1 | MEDIUM Network | popozure | pz-linkcard | The Pz-LinkCard WordPress plugin through 2.4.4.4 does not sanitise and escape multiple parameters before outputting them back in admin dashboard pages, leading to Reflected Cross-Site Scripting issues | - | CVE-2021-25012 | 2024-11-21 14:54 | 2022-03-29 |
| 196979 | 5.3 | MEDIUM Network | b4after | osmapper | The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv prefix, making it available to unauthent… | CWE-352 CWE-862 Origin Validation Error Missing Authorization | CVE-2021-24978 | 2024-11-21 14:54 | 2022-03-29 |
| 196980 | 8.8 | HIGH Network | iptanus | wordpress_file_upload_pro wordpress_file_upload | The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to uplo… | CWE-22 Path Traversal | CVE-2021-24962 | 2024-11-21 14:54 | 2022-03-29 |