|
196171
|
6.1 |
MEDIUM
Network
|
verse-o-matic_project
|
verse-o-matic
|
The Verse-O-Matic WordPress plugin through 4.1.1 does not have any CSRF checks in place, allowing attackers to make logged-in administrators perform unwanted actions, such as add/edit/delete arbitrary ver…
|
-
|
CVE-2021-24466
|
2024-11-21 14:53 |
2021-08-16 |
|
196172
|
5.5 |
MEDIUM
Network
|
draftpress
|
my_site_audit
|
The My Site Audit WordPress plugin through 1.2.4 does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in them, even when h…
|
-
|
CVE-2021-24445
|
2024-11-21 14:53 |
2021-08-16 |
|
196173
|
6.1 |
MEDIUM
Network
|
social_tape_project
|
social_tape
|
The Social Tape WordPress plugin through 1.0 does not have CSRF checks in place when saving its settings, and does not sanitise or escape them before outputting them back in the page, leading to a stor…
|
-
|
CVE-2021-24411
|
2024-11-21 14:53 |
2021-08-16 |
|
196174
|
6.1 |
MEDIUM
Network
|
telugu_bible_verse_daily_project
|
telugu_bible_verse_daily
|
The ?????? ?????? ??????? WordPress plugin through 1.0 is lacking any CSRF check when saving its settings and verses, and does not sanitise or escape them when outputting them back in the page. This co…
|
CWE-352
Origin Validation Error
|
CVE-2021-24410
|
2024-11-21 14:53 |
2021-08-16 |
|
196175
|
6.1 |
MEDIUM
Network
|
properfraction
|
profilepress
|
The User Registration, User Profile, Login & Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.1.11's widget for tabbed login/register was not properly escaped and could b…
|
-
|
CVE-2021-24522
|
2024-11-21 14:53 |
2021-08-9 |
|
196176
|
7.2 |
HIGH
Network
|
wow-estore
|
side_menu
|
The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role …
|
-
|
CVE-2021-24521
|
2024-11-21 14:53 |
2021-08-9 |
|
196177
|
8.8 |
HIGH
Network
|
coderstimes
|
out_of_stock_message_for_woocommerce
|
The Stock in & out WordPress plugin through 1.0.4 lacks proper sanitization before passing variables to an SQL request, making it vulnerable to SQL Injection attacks. Users with a role of contributor…
|
-
|
CVE-2021-24520
|
2024-11-21 14:53 |
2021-08-9 |
|
196178
|
5.4 |
MEDIUM
Network
|
a3rev
|
page_view_count
|
The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvc_stats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post m…
|
-
|
CVE-2021-24509
|
2024-11-21 14:53 |
2021-08-9 |
|
196179
|
9.8 |
CRITICAL
Network
|
brainstormforce
|
astra
|
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (av…
|
-
|
CVE-2021-24507
|
2024-11-21 14:53 |
2021-08-9 |
|
196180
|
5.4 |
MEDIUM
Network
|
madeit
|
forms
|
The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (X…
|
-
|
CVE-2021-24505
|
2024-11-21 14:53 |
2021-08-9 |
|