|
196811
|
8.1 |
HIGH
Network
|
amentotech
|
workreap
|
The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objec…
|
-
|
CVE-2021-24501
|
2024-11-21 14:53 |
2021-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196812
|
8.1 |
HIGH
Network
|
amentotech
|
workreap
|
Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an atta…
|
CWE-352
Origin Validation Error
|
CVE-2021-24500
|
2024-11-21 14:53 |
2021-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196813
|
9.8 |
CRITICAL
Network
|
amentotech
|
workreap
|
The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid use…
|
-
|
CVE-2021-24499
|
2024-11-21 14:53 |
2021-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196814
|
6.1 |
MEDIUM
Network
|
marmoset
|
marmoset_viewer
|
The Marmoset Viewer WordPress plugin before 1.9.3 does not property sanitize, validate or escape the 'id' parameter before outputting back in the page, leading to a reflected Cross-Site Scripting iss…
|
-
|
CVE-2021-24495
|
2024-11-21 14:53 |
2021-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196815
|
6.5 |
MEDIUM
Network
|
leaflet_map_project
|
leaflet_map
|
The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request Fo…
|
-
|
CVE-2021-24467
|
2024-11-21 14:53 |
2021-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196816
|
6.1 |
MEDIUM
Network
|
wplearnmanager
|
wp_learn_manager
|
The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and c…
|
-
|
CVE-2021-24504
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196817
|
5.4 |
MEDIUM
Network
|
thememason
|
popular_brand_icons_-_simple_icons
|
The Popular Brand Icons – Simple Icons WordPress plugin before 2.7.8 does not sanitise or validate some of its shortcode parameters, such as "color", "size" or "class", allowing users with a role as …
|
-
|
CVE-2021-24503
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196818
|
6.1 |
MEDIUM
Network
|
dwbooster
|
calendar_event_multi_view
|
The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a refle…
|
-
|
CVE-2021-24498
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196819
|
6.1 |
MEDIUM
Network
|
community_events_project
|
community_events
|
The Community Events WordPress plugin before 1.4.8 does not sanitise, validate or escape its importrowscount and successimportcount GET parameters before outputting them back in an admin page, leadin…
|
-
|
CVE-2021-24496
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196820
|
8.8 |
HIGH
Network
|
handsome_testimonials_\&_reviews_project
|
handsome_testimonials_\&_reviews
|
The hndtst_action_instance_callback AJAX call of the Handsome Testimonials & Reviews WordPress plugin before 2.1.1, available to any authenticated users, does not sanitise, validate or escape the hnd…
|
CWE-89
SQL Injection
|
CVE-2021-24492
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
