|
196351
|
8.8 |
HIGH
Network
|
smartypantsplugins
|
sp_project_\&_document_manager
|
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server f…
|
-
|
CVE-2021-24347
|
2024-11-21 14:52 |
2021-06-14 |
|
196352
|
5.4 |
MEDIUM
Network
|
stock_in_\&_out_project
|
stock_in_\&_out
|
The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped befor…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24346
|
2024-11-21 14:52 |
2021-06-14 |
|
196353
|
6.6 |
MEDIUM
Network
|
sendit_project
|
sendit
|
The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1, available to Administrator users does not sanitise, validate or escape the id_lista POST parameter before…
|
-
|
CVE-2021-24345
|
2024-11-21 14:52 |
2021-06-14 |
|
196354
|
8.8 |
HIGH
Network
|
xllentech
|
english_islamic_calendar
|
When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the year_number and month_number POST parameters are not sanitised, escaped or validated before being use…
|
-
|
CVE-2021-24341
|
2024-11-21 14:52 |
2021-06-14 |
|
196355
|
9.1 |
CRITICAL
Network
|
whatsapp
|
whatsapp
|
A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite Wh…
|
CWE-22
Path Traversal
|
CVE-2021-24035
|
2024-11-21 14:52 |
2021-06-11 |
|
196356
|
4.8 |
MEDIUM
Network
|
easy_preloader_project
|
easy_preloader
|
The Easy Preloader WordPress plugin through 1.0.0 does not sanitise its setting fields, leading to authenticated (admin+) Stored Cross-Site scripting issues
|
-
|
CVE-2021-24344
|
2024-11-21 14:52 |
2021-06-7 |
|
196357
|
4.8 |
MEDIUM
Network
|
iflychat
|
iflychat
|
The iFlyChat WordPress plugin before 4.7.0 does not sanitise its APP ID setting before outputting it back in the page, leading to an authenticated Stored Cross-Site Scripting issue
|
CWE-79
Cross-site Scripting
|
CVE-2021-24343
|
2024-11-21 14:52 |
2021-06-7 |
|
196358
|
6.1 |
MEDIUM
Network
|
jnews
|
jnews
|
The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scri…
|
-
|
CVE-2021-24342
|
2024-11-21 14:52 |
2021-06-7 |
|
196359
|
7.5 |
HIGH
Network
|
veronalabs
|
wp_statistics
|
The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which…
|
-
|
CVE-2021-24340
|
2024-11-21 14:52 |
2021-06-7 |
|
196360
|
8.8 |
HIGH
Network
|
video-embed-box_project
|
video-embed-box
|
The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowin…
|
-
|
CVE-2021-24337
|
2024-11-21 14:52 |
2021-06-7 |
|