|
195061
|
4.3 |
MEDIUM
Network
|
metagauss
|
download_plugin
|
The Download Plugin WordPress plugin before 2.0.0 does not properly validate that a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the…
|
-
|
CVE-2021-25059
|
2024-11-21 14:54 |
2022-11-28 |
|
195062
|
6.1 |
MEDIUM
Network
|
premium-themes
|
cryptocurrency_pricing_list_and_ticker
|
The Cryptocurrency Pricing list and Ticker WordPress plugin through 1.5 does not sanitise and escape the ccpw_setpage parameter before outputting it back in pages where its shortcode is embedded, leadin…
|
-
|
CVE-2021-25044
|
2024-11-21 14:54 |
2022-10-11 |
|
195063
|
4.8 |
MEDIUM
Network
|
ninjaforms
|
ninja_forms
|
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilt…
|
-
|
CVE-2021-25066
|
2024-11-21 14:54 |
2022-07-4 |
|
195064
|
4.8 |
MEDIUM
Network
|
ninjaforms
|
ninja_forms
|
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_h…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25056
|
2024-11-21 14:54 |
2022-07-4 |
|
195065
|
6.5 |
MEDIUM
Network
|
bestwebsoft
|
rating
|
The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of a long integer, causing a Denial of Service on the post/page when a user submits such…
|
-
|
CVE-2021-25121
|
2024-11-21 14:54 |
2022-06-20 |
|
195066
|
6.1 |
MEDIUM
Network
|
oceanwp
|
ocean_extra
|
The Ocean Extra WordPress plugin before 1.9.5 does not escape generated links which are then used when the OceanWP is active, leading to a Reflected Cross-Site Scripting issue
|
-
|
CVE-2021-25104
|
2024-11-21 14:54 |
2022-06-20 |
|
195067
|
4.8 |
MEDIUM
Network
|
google_xml_sitemaps_project
|
google_xml_sitemaps
|
The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and escape a setting before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting a…
|
-
|
CVE-2021-25088
|
2024-11-21 14:54 |
2022-06-20 |
|
195068
|
7.8 |
HIGH
Local
|
yandex
|
yandex_browser
|
Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged attacker to execute arbitrary code with the SYSTEM privileges through manipulating symli…
|
CWE-59
Link Following
|
CVE-2021-25261
|
2024-11-21 14:54 |
2022-06-16 |
|
195069
|
6.5 |
MEDIUM
Network
|
enqueue_anything_project
|
enqueue_anything
|
The Enqueue Anything WordPress plugin through 1.0.1 does not have authorisation and CSRF checks in the remove_asset AJAX action, and does not ensure that the item to be deleted is actually an asset. …
|
CWE-352 CWE-862
Origin Validation Error Missing Authorization
|
CVE-2021-25116
|
2024-11-21 14:54 |
2022-06-13 |
|
195070
|
7.2 |
HIGH
Network
|
wpsocket
|
automatic_grid_image_listing
|
The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts the zip file without validating the extracted file type, allowing high privilege users such as admin to upload a…
|
-
|
CVE-2021-25119
|
2024-11-21 14:54 |
2022-05-17 |
|