| 194741 | 8.8 | HIGH | Network | wp_visitor_statistics_\(real_time_traffic\)_project | wp_visitor_statistics_\(real_time_traffic\) | The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which co… | CWE-89 SQL Injection | CVE-2021-24750 | 2024-11-21 14:53 | 2021-12-21 |
| 194742 | 8.1 | HIGH | Network | shapedplugin | logo_carousel | The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature | - | CVE-2021-24739 | 2024-11-21 14:53 | 2021-12-21 |
| 194743 | 5.4 | MEDIUM | Network | shapedplugin | logo_carousel | The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site … | - | CVE-2021-24738 | 2024-11-21 14:53 | 2021-12-21 |
| 194744 | 6.1 | MEDIUM | Network | themeboy | sportspress | The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its match_day parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue | - | CVE-2021-24578 | 2024-11-21 14:53 | 2021-12-21 |
| 194745 | 4.8 | MEDIUM | Network | calderaforms | caldera_forms | The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting a… | - | CVE-2021-24896 | 2024-11-21 14:53 | 2021-12-13 |
| 194746 | 6.5 | MEDIUM | Network | get_custom_field_values_project | get_custom_field_values | The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts' metadata without validating the permissions. E.g. contributors can access a… | - | CVE-2021-24872 | 2024-11-21 14:53 | 2021-12-13 |
| 194747 | 5.4 | MEDIUM | Network | get_custom_field_values_project | get_custom_field_values | The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-… | - | CVE-2021-24871 | 2024-11-21 14:53 | 2021-12-13 |
| 194748 | 9.8 | CRITICAL | Network | stopbadbots | block_and_stop_bad_bots | The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL state… | CWE-89 SQL Injection | CVE-2021-24863 | 2024-11-21 14:53 | 2021-12-13 |
| 194749 | 7.2 | HIGH | Network | quotes_collection_project | quotes_collection | The Quotes Collection WordPress plugin through 2.5.2 does not validate and escape the bulkcheck parameter before using it in a SQL statement, leading to a SQL injection | - | CVE-2021-24861 | 2024-11-21 14:53 | 2021-12-13 |
| 194750 | 4.3 | MEDIUM | Network | user_meta_shortcodes_project | user_meta_shortcodes | The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users' metadata by specifying the user login as a par… | - | CVE-2021-24859 | 2024-11-21 14:53 | 2021-12-13 |