|
194971
|
4.8 |
MEDIUM
Network
|
wprssaggregator
|
wp_rss_aggregator
|
The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unf…
|
-
|
CVE-2021-24768
|
2024-11-21 14:53 |
2021-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194972
|
8.8 |
HIGH
Network
|
mycred
|
mycred
|
The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user
|
-
|
CVE-2021-24755
|
2024-11-21 14:53 |
2021-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194973
|
5.4 |
MEDIUM
Network
|
generateblocks
|
generateblocks
|
The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-S…
|
-
|
CVE-2021-24751
|
2024-11-21 14:53 |
2021-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194974
|
4.3 |
MEDIUM
Network
|
kazencoders
|
url_shortify
|
The URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and gr…
|
-
|
CVE-2021-24749
|
2024-11-21 14:53 |
2021-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194975
|
8.8 |
HIGH
Network
|
mandsconsulting
|
email_before_download
|
The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL inje…
|
-
|
CVE-2021-24748
|
2024-11-21 14:53 |
2021-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194976
|
5.4 |
MEDIUM
Network
|
wpkube
|
about_author_box
|
The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as con…
|
-
|
CVE-2021-24745
|
2024-11-21 14:53 |
2021-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194977
|
6.5 |
MEDIUM
Network
|
implecode
|
reviews_plus
|
The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated us…
|
CWE-20
Improper Input Validation
|
CVE-2021-24894
|
2024-11-21 14:53 |
2021-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194978
|
8.8 |
HIGH
Network
|
advanced_forms_project
|
advanced_forms
|
Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset passw…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2021-24892
|
2024-11-21 14:53 |
2021-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194979
|
6.1 |
MEDIUM
Network
|
elementor
|
website_builder
|
The Elementor Website Builder WordPress plugin before 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue.
|
-
|
CVE-2021-24891
|
2024-11-21 14:53 |
2021-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194980
|
4.8 |
MEDIUM
Network
|
imageboss
|
imageboss
|
The ImageBoss WordPress plugin before 3.0.6 does not sanitise and escape its Source Name setting, which could allow high privilege users to perform Cross-Site Scripting attacks
|
-
|
CVE-2021-24888
|
2024-11-21 14:53 |
2021-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
