|
196911
|
8.8 |
HIGH
Network
|
feataholic
|
maz_loader
|
The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor t…
|
-
|
CVE-2021-24669
|
2024-11-21 14:53 |
2021-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196912
|
9.0 |
CRITICAL
Network
|
tipsandtricks-hq
|
simple_download_monitor
|
The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor …
|
-
|
CVE-2021-24693
|
2024-11-21 14:53 |
2021-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196913
|
4.8 |
MEDIUM
Network
|
igexsolutions
|
wpschoolpress
|
The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Sto…
|
-
|
CVE-2021-24664
|
2024-11-21 14:53 |
2021-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196914
|
8.1 |
HIGH
Network
|
genetechsolutions
|
pie_register
|
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing…
|
-
|
CVE-2021-24647
|
2024-11-21 14:53 |
2021-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196915
|
4.8 |
MEDIUM
Network
|
bookingholdings
|
booking.com_banner_creator
|
The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks ev…
|
-
|
CVE-2021-24646
|
2024-11-21 14:53 |
2021-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196916
|
4.8 |
MEDIUM
Network
|
bookingholdings
|
booking.com_product_helper
|
The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Sc…
|
-
|
CVE-2021-24645
|
2024-11-21 14:53 |
2021-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196917
|
8.8 |
HIGH
Network
|
unlimited_popups_project
|
unlimited_popups
|
The Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise or escape the did GET parameter before using it in a SQL statement, available to users as low as editor, leading to an authentica…
|
-
|
CVE-2021-24631
|
2024-11-21 14:53 |
2021-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196918
|
8.8 |
HIGH
Network
|
schreikasten_project
|
schreikasten
|
The Schreikasten WordPress plugin through 0.14.18 does not sanitise or escape the id GET parameter before using it in SQL statements in the comments dashboard from various actions, leading to authent…
|
-
|
CVE-2021-24630
|
2024-11-21 14:53 |
2021-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196919
|
7.2 |
HIGH
Network
|
post_content_xmlrpc_project
|
post_content_xmlrpc
|
The Post Content XMLRPC WordPress plugin through 1.0 does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to an authenticated S…
|
-
|
CVE-2021-24629
|
2024-11-21 14:53 |
2021-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196920
|
7.2 |
HIGH
Network
|
wow-company
|
wow_forms
|
The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authentic…
|
CWE-89
SQL Injection
|
CVE-2021-24628
|
2024-11-21 14:53 |
2021-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
