|
196441
|
8.8 |
HIGH
Network
|
classyfrieds_project
|
classyfrieds
|
The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authe…
|
-
|
CVE-2021-24253
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196442
|
7.2 |
HIGH
Network
|
wp-eventmanager
|
event_banner
|
The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-24252
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196443
|
4.3 |
MEDIUM
Network
|
strategy11
|
business_directory_plugin_-_easy_listing_directories
|
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in admini…
|
-
|
CVE-2021-24251
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196444
|
5.4 |
MEDIUM
Network
|
strategy11
|
business_directory_plugin_-_easy_listing_directories
|
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stor…
|
-
|
CVE-2021-24250
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196445
|
6.5 |
MEDIUM
Network
|
strategy11
|
business_directory_plugin_-_easy_listing_directories
|
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in admini…
|
-
|
CVE-2021-24249
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196446
|
7.2 |
HIGH
Network
|
strategy11
|
business_directory_plugin_-_easy_listing_directories
|
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach,…
|
-
|
CVE-2021-24248
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196447
|
5.4 |
MEDIUM
Network
|
mooveagency
|
contact_form_check_tester
|
The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as …
|
-
|
CVE-2021-24247
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196448
|
5.4 |
MEDIUM
Network
|
purethemes
|
workscout_core
workscout
|
The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscout_send_message_chat AJAX action, leading to Stored Cross-Site Scr…
|
-
|
CVE-2021-24246
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196449
|
6.1 |
MEDIUM
Network
|
trumani
|
stop_spammers
|
The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags…
|
-
|
CVE-2021-24245
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196450
|
6.5 |
MEDIUM
Network
|
wpbakery_page_builder_clipboard_project
|
wpbakery_page_builder_clipboard
|
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to …
|
-
|
CVE-2021-24244
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
