| 196561 | 6.5 | MEDIUM, Network | loco_translate_project | loco_translate | The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users b… | - | CVE-2021-24721 | 2024-11-21 14:53 | 2021-11-9 |
| 196562 | 4.8 | MEDIUM, Network | print-o-matic_project | print-o-matic | The Print-O-Matic WordPress plugin before 2.0.3 does not escape some of its settings before outputting them in attribute, which could allow high privilege users to perform Cross-Site Scripting attack… | - | CVE-2021-24710 | 2024-11-21 14:53 | 2021-11-9 |
| 196563 | 4.8 | MEDIUM, Network | wp_all_export_project | wp_all_export | The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to per… | - | CVE-2021-24708 | 2024-11-21 14:53 | 2021-11-9 |
| 196564 | 4.8 | MEDIUM, Network | qwizcards_project | qwizcards | The Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting at… | - | CVE-2021-24706 | 2024-11-21 14:53 | 2021-11-9 |
| 196565 | 4.8 | MEDIUM, Network | quiz_tool_lite_project | quiz_tool_lite | The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perfor… | - | CVE-2021-24701 | 2024-11-21 14:53 | 2021-11-9 |
| 196566 | 4.3 | MEDIUM, Network | tipsandtricks-hq | simple_download_monitor | The Simple Download Monitor WordPress plugin before 3.9.6 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the dow… | NVD-CWE-noinfo | CVE-2021-24698 | 2024-11-21 14:53 | 2021-11-9 |
| 196567 | 6.1 | MEDIUM, Network | tipsandtricks-hq | simple_download_monitor | The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the 1) sdm_active_tab GET parameter and 2) sdm_stats_start_date/sdm_stats_end_date POST parameters before outputting them bac… | - | CVE-2021-24697 | 2024-11-21 14:53 | 2021-11-9 |
| 196568 | 7.5 | HIGH, Network | tipsandtricks-hq | simple_download_monitor | The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to down… | - | CVE-2021-24695 | 2024-11-21 14:53 | 2021-11-9 |
| 196569 | 6.5 | MEDIUM, Network | genie_wp_favicon_project | genie_wp_favicon | The Genie WP Favicon WordPress plugin through 0.5.2 does not have CSRF in place when updating the favicon, which could allow attackers to make a logged in admin change it via a CSRF attack | CWE-352 Origin Validation Error | CVE-2021-24674 | 2024-11-21 14:53 | 2021-11-9 |
| 196570 | 8.8 | HIGH, Network | feataholic | maz_loader | The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor t… | - | CVE-2021-24669 | 2024-11-21 14:53 | 2021-11-9 |