| 195391 | 6.1 | MEDIUM Network | revmakx | backup_and_staging_by_wp_time_capsule | The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site… | - | CVE-2021-25035 | 2024-11-21 14:54 | 2022-01-24 |
| 195392 | 6.1 | MEDIUM Network | oxilab | image_hover_effects_ultimate | The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attrib… | CWE-79 Cross-site Scripting | CVE-2021-25031 | 2024-11-21 14:54 | 2022-01-24 |
| 195393 | 6.1 | MEDIUM Network | tri | event_tickets | The Event Tickets WordPress plugin before 5.2.2 does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue | - | CVE-2021-25028 | 2024-11-21 14:54 | 2022-01-24 |
| 195394 | 6.1 | MEDIUM Network | themeum | tutor_lms | The Tutor LMS WordPress plugin before 1.9.12 does not escape the search parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | - | CVE-2021-25017 | 2024-11-21 14:54 | 2022-01-24 |
| 195395 | 6.1 | MEDIUM Network | mycred | mycred | The myCred WordPress plugin before 2.4 does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue | - | CVE-2021-25015 | 2024-11-21 14:54 | 2022-01-24 |
| 195396 | 6.5 | MEDIUM Network | themeum | qubely | The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belong to the plugin… | CWE-352 Origin Validation Error | CVE-2021-25013 | 2024-11-21 14:54 | 2022-01-24 |
| 195397 | 6.1 | MEDIUM Network | codesnippets | code_snippets | The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue | - | CVE-2021-25008 | 2024-11-21 14:54 | 2022-01-24 |
| 195398 | 6.5 | MEDIUM Network | wpplugin | accept_donations_with_paypal | The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a lo… | - | CVE-2021-24989 | 2024-11-21 14:54 | 2022-01-24 |
| 195399 | 6.1 | MEDIUM Network | yikesinc | easy_forms_for_mailchimp | The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the field_name and field_type parameters before outputting them back in attributes, leading to Reflected Cross-… | - | CVE-2021-24985 | 2024-11-21 14:54 | 2022-01-24 |
| 195400 | 6.1 | MEDIUM Network | wbolt | smart_seo_tool | The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a… | - | CVE-2021-24976 | 2024-11-21 14:54 | 2022-01-24 |