| 196241 | 4.8 | MEDIUM, Network | smooth_scroll_page_up\/down_buttons_project | smooth_scroll_page_up\/down_buttons | The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS pay… | - | CVE-2021-24418 | 2024-11-21 14:53 | 2021-07-13 |
| 196242 | 6.1 | MEDIUM, Network | plugin-planet | prismatic | The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed i… | - | CVE-2021-24409 | 2024-11-21 14:53 | 2021-07-13 |
| 196243 | 5.4 | MEDIUM, Network | plugin-planet | prismatic | The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post ma… | - | CVE-2021-24408 | 2024-11-21 14:53 | 2021-07-13 |
| 196244 | 5.4 | MEDIUM, Network | deliciousbrains | wp_offload_ses_lite | The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape some of the fields in the Activity page of the admin dashboard, such as the email's id, subject and recipient, which could lead to… | - | CVE-2021-24494 | 2024-11-21 14:53 | 2021-07-6 |
| 196245 | 7.2 | HIGH, Network | export_users_with_meta_project | export_users_with_meta | The Export Users With Meta WordPress plugin before 0.6.5 did not escape the list of roles to export before using them in a SQL statement in the export functionality, available to admins, leading to a… | - | CVE-2021-24451 | 2024-11-21 14:53 | 2021-07-6 |
| 196246 | 6.1 | MEDIUM, Network | tielabs | jannah | The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability. | - | CVE-2021-24407 | 2024-11-21 14:53 | 2021-07-6 |
| 196247 | 6.1 | MEDIUM, Network | gvectors | wpforo_forum | The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could … | - | CVE-2021-24406 | 2024-11-21 14:53 | 2021-07-6 |
| 196248 | 6.5 | MEDIUM, Network | izsoft | easy_cookies_policy | The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated users (such as subscriber) to change them. If user… | NVD-CWE-Other | CVE-2021-24405 | 2024-11-21 14:53 | 2021-07-6 |
| 196249 | 7.2 | HIGH, Network | benjaminrojas | wp_editor | The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a req… | CWE-89 SQL Injection | CVE-2021-24151 | 2024-11-21 14:52 | 2024-01-17 |
| 196250 | 6.1 | MEDIUM, Network | mozilla | bleach | A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags; p or br in allowed tags; style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed ta… | CWE-79 Cross-site Scripting | CVE-2021-23980 | 2024-11-21 14:52 | 2023-02-17 |