|
196581
|
8.8 |
HIGH
Network
|
chameleon_css_project
|
chameleon_css
|
The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as a subscriber, to call them and perform unautho…
|
-
|
CVE-2021-24626
|
2024-11-21 14:53 |
2021-11-9 |
|
|
|
|
|
196582
|
7.2 |
HIGH
Network
|
web-dorado
|
spidercatalog
|
The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL inj…
|
-
|
CVE-2021-24625
|
2024-11-21 14:53 |
2021-11-9 |
|
|
|
|
|
196583
|
4.8 |
MEDIUM
Network
|
addtoany
|
addtoany_share_buttons
|
The AddToAny Share Buttons WordPress plugin before 1.7.48 does not escape its Image URL button setting, which could allow high-privilege users to perform Cross-Site Scripting attacks even when t…
|
-
|
CVE-2021-24616
|
2024-11-21 14:53 |
2021-11-9 |
|
|
|
|
|
196584
|
4.8 |
MEDIUM
Network
|
wooassist
|
storefront_footer_text
|
The Storefront Footer Text WordPress plugin through 1.0.1 does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks e…
|
-
|
CVE-2021-24607
|
2024-11-21 14:53 |
2021-11-9 |
|
|
|
|
|
196585
|
4.8 |
MEDIUM
Network
|
gtranslate
|
google_language_translator
|
The Translate WordPress – Google Language Translator WordPress plugin before 6.0.12 does not sanitise and escape some of its settings before outputting them in various pages, allowing high privilege us…
|
-
|
CVE-2021-24594
|
2024-11-21 14:53 |
2021-11-9 |
|
|
|
|
|
196586
|
8.8 |
HIGH
Network
|
igexsolutions
|
wpschoolpress
|
The School Management System – WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variables in SQL queries, leading to SQL injection i…
|
-
|
CVE-2021-24575
|
2024-11-21 14:53 |
2021-11-9 |
|
|
|
|
|
196587
|
7.2 |
HIGH
Network
|
shareaholic
|
similar_posts
|
The Similar Posts WordPress plugin through 3.1.5 allows high-privilege users to execute arbitrary PHP code in a hardened environment (i.e. with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFIL…
|
NVD-CWE-Other
|
CVE-2021-24537
|
2024-11-21 14:53 |
2021-11-9 |
|
|
|
|
|
196588
|
4.8 |
MEDIUM
Network
|
e-dynamics
|
events_made_easy
|
The Events Made Easy WordPress plugin before 2.2.24 does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_htm…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24813
|
2024-11-21 14:53 |
2021-11-1 |
|
|
|
|
|
196589
|
8.8 |
HIGH
Network
|
wordplus
|
better_messages
|
The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in several of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread,…
|
CWE-352
Origin Validation Error
|
CVE-2021-24809
|
2024-11-21 14:53 |
2021-11-1 |
|
|
|
|
|
196590
|
6.1 |
MEDIUM
Network
|
wordplus
|
better_messages
|
The BP Better Messages WordPress plugin before 1.9.9.41 sanitises (with sanitize_text_field) but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflect…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24808
|
2024-11-21 14:53 |
2021-11-1 |
|
|
|
|