| 197421 | 6.4 | MEDIUM Network | childtheme-generator | child_theme_generator | The Child Theme Generator WordPress plugin through 2.2.7 does not sanitise and escape the parade parameter before outputting it back, leading to a Reflected Cross-Site Scripting in the admin dashboard | - | CVE-2021-24982 | 2024-11-21 14:54 | 2022-03-15 |
| 197422 | 4.9 | MEDIUM Network | bestwebsoft | error_log_viewer | The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outs… | - | CVE-2021-24966 | 2024-11-21 14:54 | 2022-03-15 |
| 197423 | 8.8 | HIGH Network | techspawn | wp-email-users | The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL in… | - | CVE-2021-24959 | 2024-11-21 14:54 | 2022-03-15 |
| 197424 | 5.4 | MEDIUM Network | mekshq | meks_easy_photo_feed_widget | The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and… | - | CVE-2021-24958 | 2024-11-21 14:54 | 2022-03-15 |
| 197425 | 5.4 | MEDIUM Network | thememove | insight_core | The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import (available to any authenticated user), does not validate user in… | - | CVE-2021-24950 | 2024-11-21 14:54 | 2022-03-15 |
| 197426 | 6.1 | MEDIUM Network | woocommerce | persian-woocommerce | The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scr… | - | CVE-2021-24940 | 2024-11-21 14:54 | 2022-03-15 |
| 197427 | 6.5 | MEDIUM Network | fatcatapps | easy_pricing_tables | The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does not verify the CSRF nonce when removing posts, allowing attackers to make a logged in admin remove arbitrary posts from the blog… | CWE-352 Origin Validation Error | CVE-2021-25098 | 2024-11-21 14:54 | 2022-03-07 |
| 197428 | 7.5 | HIGH Network | wpdownloadmanager | wordpress_download_manager | The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sens… | - | CVE-2021-25087 | 2024-11-21 14:54 | 2022-03-07 |
| 197429 | 6.1 | MEDIUM Network | obtaininfotech | multisite_content_copier/updater | The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.0 does not sanitise and escape the wmcc_content_type, wmcc_source_blog and wmcc_record_per_page parameters before outputting… | CWE-79 Cross-site Scripting | CVE-2021-25039 | 2024-11-21 14:54 | 2022-03-07 |
| 197430 | 6.1 | MEDIUM Network | obtaininfotech | multisite_user_sync/unsync | The WordPress Multisite User Sync/Unsync WordPress plugin before 2.1.2 does not sanitise and escape the wmus_source_blog and wmus_record_per_page parameters before outputting them back in attributes,… | CWE-79 Cross-site Scripting | CVE-2021-25038 | 2024-11-21 14:54 | 2022-03-07 |