| 194791 | 4.8 | MEDIUM | Network | imageboss | imageboss | The ImageBoss WordPress plugin before 3.0.6 does not sanitise and escape its Source Name setting, which could allow high privilege users to perform Cross-Site Scripting attacks | - | CVE-2021-24888 | 2024-11-21 14:53 | 2021-11-24 |
| 194792 | 4.8 | MEDIUM | Network | tribulant | slideshow_gallery | The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-… | - | CVE-2021-24882 | 2024-11-21 14:53 | 2021-11-24 |
| 194793 | 7.2 | HIGH | Network | mainwp | mainwp_child | The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users … | - | CVE-2021-24877 | 2024-11-21 14:53 | 2021-11-24 |
| 194794 | 6.1 | MEDIUM | Network | implecode | ecommerce_product_catalog | The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.39 does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected … | - | CVE-2021-24875 | 2024-11-21 14:53 | 2021-11-24 |
| 194795 | 6.1 | MEDIUM | Network | themeum | tutor_lms | The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting… | - | CVE-2021-24873 | 2024-11-21 14:53 | 2021-11-24 |
| 194796 | 4.8 | MEDIUM | Network | vasyltech | advanced_access_manager | The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when th… | - | CVE-2021-24830 | 2024-11-21 14:53 | 2021-11-24 |
| 194797 | 5.4 | MEDIUM | Network | wpdeveloper | betterlinks | The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of the imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin imports a malicious CSV. | - | CVE-2021-24812 | 2024-11-21 14:53 | 2021-11-24 |
| 194798 | 5.4 | MEDIUM | Network | infornweb | logo_showcase_with_slick_slider | The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting atta… | - | CVE-2021-24729 | 2024-11-21 14:53 | 2021-11-24 |
| 194799 | 4.8 | MEDIUM | Network | creativemindssolutions | video_lessons_manager video_lessons_manager_pro | The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which coul… | - | CVE-2021-24713 | 2024-11-21 14:53 | 2021-11-24 |
| 194800 | 5.7 | MEDIUM | Network | metagauss | download_plugin | The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate… | CWE-352 Origin Validation Error | CVE-2021-24703 | 2024-11-21 14:53 | 2021-11-24 |