| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 196541 | 6.1 | MEDIUM | Network | webp_converter_for_media_project | webp_converter_for_media | The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue | - | CVE-2021-25074 | 2024-11-21 14:54 | 2022-01-24 |
| 196542 | 8.8 | HIGH | Network | webmaster-source | wp125 | The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various actions, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack | - | CVE-2021-25073 | 2024-11-21 14:54 | 2022-01-24 |
| 196543 | 6.1 | MEDIUM | Network | villatheme | orders_tracking_for_woocommerce | The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | - | CVE-2021-25062 | 2024-11-21 14:54 | 2022-01-24 |
| 196544 | 4.8 | MEDIUM | Network | mobileeventsmanager | mobile_events_manager | The Mobile Events Manager WordPress plugin before 1.4.4 does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfil… | - | CVE-2021-25049 | 2024-11-21 14:54 | 2022-01-24 |
| 196545 | 7.2 | HIGH | Network | asgaros | asgaros_forum | The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue | - | CVE-2021-25045 | 2024-11-21 14:54 | 2022-01-24 |
| 196546 | 6.1 | MEDIUM | Network | revmakx | backup_and_staging_by_wp_time_capsule | The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site… | - | CVE-2021-25035 | 2024-11-21 14:54 | 2022-01-24 |
| 196547 | 6.1 | MEDIUM | Network | oxilab | image_hover_effects_ultimate | The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attrib… | CWE-79 Cross-site Scripting | CVE-2021-25031 | 2024-11-21 14:54 | 2022-01-24 |
| 196548 | 6.1 | MEDIUM | Network | tri | event_tickets | The Event Tickets WordPress plugin before 5.2.2 does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue | - | CVE-2021-25028 | 2024-11-21 14:54 | 2022-01-24 |
| 196549 | 6.1 | MEDIUM | Network | themeum | tutor_lms | The Tutor LMS WordPress plugin before 1.9.12 does not escape the search parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | - | CVE-2021-25017 | 2024-11-21 14:54 | 2022-01-24 |
| 196550 | 6.1 | MEDIUM | Network | mycred | mycred | The myCred WordPress plugin before 2.4 does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue | - | CVE-2021-25015 | 2024-11-21 14:54 | 2022-01-24 |