| 195991 | 4.8 | MEDIUM Network | any_hostname_project | any_hostname | The Any Hostname WordPress plugin through 1.0.6 does not sanitise or escape its "Allowed hosts" setting, leading to an authenticated stored XSS issue as high privilege users are able to set XSS paylo… | - | CVE-2021-24481 | 2024-11-21 14:53 | 2021-08-2 |
| 195992 | 4.8 | MEDIUM Network | event_geek_project | event_geek | The Event Geek WordPress plugin through 2.5.2 does not sanitise or escape its "Use your own " setting before outputting it in the page, leading to an authenticated (admin+) stored Cross-Site Scriptin… | - | CVE-2021-24480 | 2024-11-21 14:53 | 2021-08-2 |
| 195993 | 4.8 | MEDIUM Network | drawblog_project | drawblog | The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue | - | CVE-2021-24479 | 2024-11-21 14:53 | 2021-08-2 |
| 195994 | 5.4 | MEDIUM Network | bookshelf_project | bookshelf | The Bookshelf WordPress plugin through 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting i… | CWE-79 Cross-site Scripting | CVE-2021-24478 | 2024-11-21 14:53 | 2021-08-2 |
| 195995 | 6.1 | MEDIUM Network | migrate_users_project | migrate_users | The Migrate Users WordPress plugin through 1.0.1 does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin … | - | CVE-2021-24477 | 2024-11-21 14:53 | 2021-08-2 |
| 195996 | 5.4 | MEDIUM Network | steam_group_viewer_project | steam_group_viewer | The Steam Group Viewer WordPress plugin through 2.1 does not sanitise or escape its "Steam Group Address" settings before outputting it in the page, leading to an authenticated Stored Cross-Site Scri… | - | CVE-2021-24476 | 2024-11-21 14:53 | 2021-08-2 |
| 195997 | 6.1 | MEDIUM Network | awesome_weather_widget_project | awesome_weather_widget | The Awesome Weather Widget WordPress plugin through 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (… | CWE-79 Cross-site Scripting | CVE-2021-24474 | 2024-11-21 14:53 | 2021-08-2 |
| 195998 | 5.4 | MEDIUM Network | cozmoslabs | user_profile_picture | The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pi… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2021-24473 | 2024-11-21 14:53 | 2021-08-2 |
| 195999 | 9.8 | CRITICAL Network | qantumthemes | kentharadio onair2 | The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will… | - | CVE-2021-24472 | 2024-11-21 14:53 | 2021-08-2 |
| 196000 | 5.4 | MEDIUM Network | yada_wiki_project | yada_wiki | The Yada Wiki WordPress plugin before 3.4.1 did not sanitise, validate or escape the anchor attribute of its shortcode, leading to a Stored Cross-Site Scripting issue | CWE-79 Cross-site Scripting | CVE-2021-24470 | 2024-11-21 14:53 | 2021-08-2 |