|
195271
|
6.1 |
MEDIUM
Network
|
social_tape_project
|
social_tape
|
The Social Tape WordPress plugin through 1.0 does not have CSRF checks in place when saving its settings, and does not sanitise or escape them before outputting them back in the page, leading to a stor…
|
-
|
CVE-2021-24411
|
2024-11-21 14:53 |
2021-08-16 |
|
195272
|
6.1 |
MEDIUM
Network
|
telugu_bible_verse_daily_project
|
telugu_bible_verse_daily
|
The ?????? ?????? ??????? WordPress plugin through 1.0 is lacking any CSRF check when saving its settings and verses, and does not sanitise or escape them when outputting them back in the page. This co…
|
CWE-352
Origin Validation Error
|
CVE-2021-24410
|
2024-11-21 14:53 |
2021-08-16 |
|
195273
|
6.1 |
MEDIUM
Network
|
properfraction
|
profilepress
|
The User Registration, User Profile, Login & Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.1.11's widget for tabbed login/register was not properly escaped and could b…
|
-
|
CVE-2021-24522
|
2024-11-21 14:53 |
2021-08-9 |
|
195274
|
7.2 |
HIGH
Network
|
wow-estore
|
side_menu
|
The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role …
|
-
|
CVE-2021-24521
|
2024-11-21 14:53 |
2021-08-9 |
|
195275
|
8.8 |
HIGH
Network
|
coderstimes
|
out_of_stock_message_for_woocommerce
|
The Stock in & out WordPress plugin through 1.0.4 lacks proper sanitization before passing variables to an SQL request, making it vulnerable to SQL Injection attacks. Users with a role of contributor…
|
-
|
CVE-2021-24520
|
2024-11-21 14:53 |
2021-08-9 |
|
195276
|
5.4 |
MEDIUM
Network
|
a3rev
|
page_view_count
|
The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvc_stats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post m…
|
-
|
CVE-2021-24509
|
2024-11-21 14:53 |
2021-08-9 |
|
195277
|
9.8 |
CRITICAL
Network
|
brainstormforce
|
astra
|
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (av…
|
-
|
CVE-2021-24507
|
2024-11-21 14:53 |
2021-08-9 |
|
195278
|
5.4 |
MEDIUM
Network
|
madeit
|
forms
|
The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (X…
|
-
|
CVE-2021-24505
|
2024-11-21 14:53 |
2021-08-9 |
|
195279
|
4.8 |
MEDIUM
Network
|
flippercode
|
wp_google_map
|
The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, ev…
|
-
|
CVE-2021-24502
|
2024-11-21 14:53 |
2021-08-9 |
|
195280
|
8.1 |
HIGH
Network
|
amentotech
|
workreap
|
The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objec…
|
-
|
CVE-2021-24501
|
2024-11-21 14:53 |
2021-08-9 |