|
197001
|
5.4 |
MEDIUM
Network
|
automattic
|
wp_super_cache
|
The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue.
|
-
|
CVE-2021-24329
|
2024-11-21 14:52 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197002
|
6.2 |
MEDIUM
Network
|
clogica
|
wp_login_security_and_history
|
The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged …
|
CWE-352
CWE-79
Origin Validation Error
Cross-site Scripting
|
CVE-2021-24328
|
2024-11-21 14:52 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197003
|
5.4 |
MEDIUM
Network
|
deliciousbrains
|
database_backup
|
The Database Backup for WordPress plugin before 2.4 did not escape the backup_recipient POST parameter in before output it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripti…
|
-
|
CVE-2021-24322
|
2024-11-21 14:52 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197004
|
9.8 |
CRITICAL
Network
|
bold-themes
|
bello
|
The Bello - Directory & Listing WordPress theme before 1.6.0 did not sanitise the bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view and b…
|
-
|
CVE-2021-24321
|
2024-11-21 14:52 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197005
|
6.1 |
MEDIUM
Network
|
bold-themes
|
bello
|
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_di…
|
-
|
CVE-2021-24320
|
2024-11-21 14:52 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197006
|
5.4 |
MEDIUM
Network
|
bold-themes
|
bello
|
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leadin…
|
-
|
CVE-2021-24319
|
2024-11-21 14:52 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197007
|
6.5 |
MEDIUM
Network
|
purethemes
|
listeo
|
The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2021-24318
|
2024-11-21 14:52 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197008
|
6.1 |
MEDIUM
Network
|
purethemes
|
listeo
|
The Listeo WordPress theme before 1.6.11 did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues
|
-
|
CVE-2021-24317
|
2024-11-21 14:52 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197009
|
6.1 |
MEDIUM
Network
|
wowthemes
|
mediumish
|
The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it's 's' GET parameter before output it back the page, leading to the Cross-SIte Scripting issue.
|
-
|
CVE-2021-24316
|
2024-11-21 14:52 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197010
|
5.4 |
MEDIUM
Network
|
goprayer
|
wp_prayer
|
The WP Prayer WordPress plugin before 1.6.2 provides the functionality to store requested prayers/praises and list them on a WordPress website. These stored prayer/praise requests can be listed by us…
|
-
|
CVE-2021-24313
|
2024-11-21 14:52 |
2021-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
