|
195411
|
8.8 |
HIGH
Network
|
aioseo
|
all_in_one_seo
|
The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may grant bad actors access…
|
CWE-178
Improper Handling of Case Sensitivity
|
CVE-2021-25036
|
2024-11-21 14:54 |
2022-01-17 |
|
195412
|
4.3 |
MEDIUM
Network
|
theeventscalendar
|
eventcalendar
|
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create e…
|
-
|
CVE-2021-25025
|
2024-11-21 14:54 |
2022-01-17 |
|
195413
|
6.1 |
MEDIUM
Network
|
theeventscalendar
|
eventcalendar
|
The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues
|
-
|
CVE-2021-25024
|
2024-11-21 14:54 |
2022-01-17 |
|
195414
|
4.8 |
MEDIUM
Network
|
seur_oficial_project
|
seur_oficial
|
The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html ca…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25005
|
2024-11-21 14:54 |
2022-01-17 |
|
195415
|
8.8 |
HIGH
Network
|
wow-company
|
wpcalc
|
The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability.
|
-
|
CVE-2021-25054
|
2024-11-21 14:54 |
2022-01-11 |
|
195416
|
8.8 |
HIGH
Network
|
wow-company
|
wp_coder
|
The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to…
|
-
|
CVE-2021-25053
|
2024-11-21 14:54 |
2022-01-11 |
|
195417
|
8.8 |
HIGH
Network
|
wow-company
|
button_generator
|
The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus le…
|
-
|
CVE-2021-25052
|
2024-11-21 14:54 |
2022-01-11 |
|
195418
|
8.8 |
HIGH
Network
|
wow-company
|
modal_window
|
The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leadin…
|
CWE-352
Origin Validation Error
|
CVE-2021-25051
|
2024-11-21 14:54 |
2022-01-11 |
|
195419
|
6.1 |
MEDIUM
Network
|
10web
|
10websocial
|
The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Scripting (XSS) vulnerability in the wdi_apply_changes admin page, allowing an attacker to perform su…
|
-
|
CVE-2021-25047
|
2024-11-21 14:54 |
2022-01-11 |
|
195420
|
6.1 |
MEDIUM
Network
|
pluginus
|
woocommerce_currency_switcher
|
The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue
|
-
|
CVE-2021-25043
|
2024-11-21 14:54 |
2022-01-11 |