| 196161 | 5.4 | MEDIUM | Network | current_book_project | current_book | The Current Book WordPress plugin through 1.0.1 does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser lea… | - | CVE-2021-24538 | 2024-11-21 14:53 | 2021-08-16 |
| 196162 | 6.1 | MEDIUM | Network | custom_login_redirect_project | custom_login_redirect | The Custom Login Redirect WordPress plugin through 1.0.0 does not have a CSRF check in place when saving its settings, and does not sanitise or escape user input before outputting it back in the page, … | - | CVE-2021-24536 | 2024-11-21 14:53 | 2021-08-16 |
| 196163 | 6.1 | MEDIUM | Network | light_messages_project | light_messages | The Light Messages WordPress plugin through 1.0 is lacking a CSRF check when updating its settings, and is not sanitising its Message Content in them (even with the unfiltered_html disallowed). As a r… | - | CVE-2021-24535 | 2024-11-21 14:53 | 2021-08-16 |
| 196164 | 5.4 | MEDIUM | Network | phonetrack | phonetrack_meu_site_manager | The PhoneTrack Meu Site Manager WordPress plugin through 0.1 does not sanitise or escape its "php_id" setting before outputting it back in an attribute in the page, leading to a stored Cross-Site Scr… | - | CVE-2021-24534 | 2024-11-21 14:53 | 2021-08-16 |
| 196165 | 9.8 | CRITICAL | Network | cozmoslabs | profile_builder | The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a… | - | CVE-2021-24527 | 2024-11-21 14:53 | 2021-08-16 |
| 196166 | 5.4 | MEDIUM | Network | 10web | form_maker | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in t… | - | CVE-2021-24526 | 2024-11-21 14:53 | 2021-08-16 |
| 196167 | 4.8 | MEDIUM | Network | vikwp | car_rental_management_system | The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such … | - | CVE-2021-24519 | 2024-11-21 14:53 | 2021-08-16 |
| 196168 | 4.8 | MEDIUM | Network | wpfront | notification_bar | The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does not sanitise or escape its Custom CSS setting, allowing high privilege users such as admin to set an XSS payload in it even when the… | - | CVE-2021-24518 | 2024-11-21 14:53 | 2021-08-16 |
| 196169 | 5.4 | MEDIUM | Network | videowhisper | video_posts_webcam_recorder | The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an authenticated reflected cross site scripting (XSS) vulnerability in one of the administrative functions for handling deletion of v… | - | CVE-2021-24512 | 2024-11-21 14:53 | 2021-08-16 |
| 196170 | 5.4 | MEDIUM | Network | youtube_embed_project | youtube_embed | The YouTube Embed WordPress plugin before 5.2.2 does not validate, escape or sanitise some of its shortcode attributes, leading to Stored XSS issues by 1. using w, h, controls, cc_lang, color, langua… | - | CVE-2021-24471 | 2024-11-21 14:53 | 2021-08-16 |