| 196601 | 4.8 MEDIUM | Network | motopress | restaurant_menu | The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site S… | CWE-79 Cross-site Scripting | CVE-2021-24722 | 2024-11-21 14:53 | 2021-11-1 |
| 196602 | 8.8 HIGH | Network | automatorwp | automatorwp | The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, cal… | CWE-863 Incorrect Authorization | CVE-2021-24717 | 2024-11-21 14:53 | 2021-11-1 |
| 196603 | 5.4 MEDIUM | Network | webnus | modern_events_calendar_lite | The Modern Events Calendar Lite WordPress plugin before 5.22.3 does not properly sanitize or escape values set by users with access to adjust settings within wp-admin. | CWE-79 Cross-site Scripting | CVE-2021-24716 | 2024-11-21 14:53 | 2021-11-1 |
| 196604 | 4.8 MEDIUM | Network | wp_sitemap_page_project | wp_sitemap_page | The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when … | CWE-79 Cross-site Scripting | CVE-2021-24715 | 2024-11-21 14:53 | 2021-11-1 |
| 196605 | 5.4 MEDIUM | Network | flat_preloader_project | flat_preloader | The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its settings, as well as does not sanitise and escape them, which could allow attackers to make logged in … | - | CVE-2021-24685 | 2024-11-21 14:53 | 2021-11-1 |
| 196606 | 5.4 MEDIUM | Network | wpkube | cool_tag_cloud | The Cool Tag Cloud WordPress plugin before 2.26 does not escape the style attribute of the cool_tag_cloud shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-… | CWE-79 Cross-site Scripting | CVE-2021-24682 | 2024-11-21 14:53 | 2021-11-1 |
| 196607 | 4.8 MEDIUM | Network | sonaar | mp3_audio_player_for_music\ _radio_\&_podcast | The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPress plugin before 2.4.2 does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to pe… | CWE-79 Cross-site Scripting | CVE-2021-24624 | 2024-11-21 14:53 | 2021-11-1 |
| 196608 | 4.3 MEDIUM | Network | wpplugin | accept_donations_with_paypal | The Accept Donations with PayPal WordPress plugin before 1.3.1 provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and … | - | CVE-2021-24572 | 2024-11-21 14:53 | 2021-11-1 |
| 196609 | 4.3 MEDIUM | Network | wpplugin | accept_donations_with_paypal | The Accept Donations with PayPal WordPress plugin before 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An… | - | CVE-2021-24570 | 2024-11-21 14:53 | 2021-11-1 |
| 196610 | 4.8 MEDIUM | Network | dazzlersoftware | coming_soon\ _under_construction_\&_maintenance_mode_by_dazzler | The Coming Soon, Under Construction & Maintenance Mode By Dazzler WordPress plugin before 1.6.7 does not sanitise or escape its description setting when outputting it in the frontend when the Coming … | - | CVE-2021-24539 | 2024-11-21 14:53 | 2021-11-1 |