|
196231
|
4.8 |
MEDIUM
Network
|
fetchdesigns
|
sign-up_sheets
|
The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored…
|
-
|
CVE-2021-24440
|
2024-11-21 14:53 |
2021-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196232
|
5.4 |
MEDIUM
Network
|
prothemedesign
|
browser_screenshots
|
The Browser Screenshots WordPress plugin before 1.7.6 allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the image_class parameter of the …
|
-
|
CVE-2021-24439
|
2024-11-21 14:53 |
2021-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196233
|
6.1 |
MEDIUM
Network
|
codeblab
|
glass
|
The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did…
|
CWE-352
CWE-79
Origin Validation Error
Cross-site Scripting
|
CVE-2021-24434
|
2024-11-21 14:53 |
2021-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196234
|
6.1 |
MEDIUM
Network
|
salonbookingsystem
|
salon_booking_system
|
The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set J…
|
-
|
CVE-2021-24429
|
2024-11-21 14:53 |
2021-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196235
|
4.8 |
MEDIUM
Network
|
boldgrid
|
w3_total_cache
|
The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leadin…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24427
|
2024-11-21 14:53 |
2021-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196236
|
4.8 |
MEDIUM
Network
|
web-dorado
|
backup-wd
|
The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site …
|
-
|
CVE-2021-24426
|
2024-11-21 14:53 |
2021-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196237
|
5.4 |
MEDIUM
Network
|
webfactoryltd
|
wp_reset
|
The WP Reset – Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an auth…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24424
|
2024-11-21 14:53 |
2021-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196238
|
5.4 |
MEDIUM
Network
|
eyecix
|
jobsearch_wp_job_board
|
The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use Ja…
|
-
|
CVE-2021-24421
|
2024-11-21 14:53 |
2021-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196239
|
5.4 |
MEDIUM
Network
|
emarketdesign
|
request_a_quote
|
The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quo…
|
-
|
CVE-2021-24420
|
2024-11-21 14:53 |
2021-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196240
|
4.8 |
MEDIUM
Network
|
wp_youtube_lyte_project
|
wp_youtube_lyte
|
The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyte_yt_api_key and lyte_notification settings before outputting them back in the page, allowing high privilege users…
|
-
|
CVE-2021-24419
|
2024-11-21 14:53 |
2021-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
