|
196001
|
6.5 |
MEDIUM
Network
|
nextscripts
|
social_networks_auto_poster
|
The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have a CSRF check in place when deleting items, allowing an attacker to make a logged-in admin delete arbitrary posts v…
|
-
|
CVE-2021-25072
|
2024-11-21 14:54 |
2022-02-1 |
|
196002
|
6.1 |
MEDIUM
Network
|
cf7skins
|
contact_form_7_skins
|
The Skins for Contact Form 7 WordPress plugin before 2.5.1 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
|
-
|
CVE-2021-25063
|
2024-11-21 14:54 |
2022-02-1 |
|
196003
|
6.1 |
MEDIUM
Network
|
asset_cleanup\
|
_page_speed_booster_project
|
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSTed parameters sent to the wpassetcleanup_fetch_active_plugins_icons AJAX action (available to ad…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24983
|
2024-11-21 14:54 |
2022-02-1 |
|
196004
|
6.1 |
MEDIUM
Network
|
nextscripts
|
social_networks_auto_poster
|
The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthent…
|
-
|
CVE-2021-24975
|
2024-11-21 14:54 |
2022-02-1 |
|
196005
|
4.8 |
MEDIUM
Network
|
cusmin
|
absolutely_glamorous_custom_admin
|
The Custom Dashboard & Login Page WordPress plugin before 7.0 does not sanitise some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_ht…
|
-
|
CVE-2021-24944
|
2024-11-21 14:54 |
2022-02-1 |
|
196006
|
6.1 |
MEDIUM
Network
|
asset_cleanup\
|
_page_speed_booster_project
|
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacu_selected_sub_tab_area parameter before outputting it back in an attribute in an admin page, leading to …
|
-
|
CVE-2021-24937
|
2024-11-21 14:54 |
2022-02-1 |
|
196007
|
6.1 |
MEDIUM
Network
|
yellowpencil
|
visual_css_style_editor
|
The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyp_page_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Script…
|
-
|
CVE-2021-24934
|
2024-11-21 14:54 |
2022-02-1 |
|
196008
|
6.1 |
MEDIUM
Network
|
domaincheckplugin
|
domain_check
|
The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue
|
CWE-79
Cross-site Scripting
|
CVE-2021-24926
|
2024-11-21 14:54 |
2022-02-1 |
|
196009
|
8.8 |
HIGH
Network
|
wickedplugins
|
wicked_folders
|
The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available …
|
CWE-89
SQL Injection
|
CVE-2021-24919
|
2024-11-21 14:54 |
2022-02-1 |
|
196010
|
6.1 |
MEDIUM
Network
|
roundupwp
|
registrations_for_the_events_calendar
|
The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cro…
|
-
|
CVE-2021-25083
|
2024-11-21 14:54 |
2022-01-24 |
|