|
195451
|
4.8 |
MEDIUM
Network
|
fatcatapps
|
pixel_cat
|
The Pixel Cat WordPress plugin before 2.6.3 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disal…
|
-
|
CVE-2021-24972
|
2024-11-21 14:54 |
2021-12-13 |
|
|
|
|
195452
|
7.2 |
HIGH
Network
|
plugins360
|
all-in-one_video_gallery
|
The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Incl…
|
-
|
CVE-2021-24970
|
2024-11-21 14:54 |
2021-12-13 |
|
|
|
|
195453
|
6.1 |
MEDIUM
Network
|
profilepress
|
user_registration\,_login_form\,_user_profile_\&_membership
|
The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not escape the data parameter of the pp_get_forms_by_builder_type AJAX action before outputting it back…
|
-
|
CVE-2021-24955
|
2024-11-21 14:54 |
2021-12-13 |
|
|
|
|
195454
|
6.1 |
MEDIUM
Network
|
profilepress
|
user_registration\,_login_form\,_user_profile_\&_membership
|
The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not sanitise and escape the ppress_cc_data parameter before outputting it back in an attribute of an ad…
|
-
|
CVE-2021-24954
|
2024-11-21 14:54 |
2021-12-13 |
|
|
|
|
195455
|
9.8 |
CRITICAL
Network
|
thimpress
|
learnpress
|
The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Inj…
|
-
|
CVE-2021-24951
|
2024-11-21 14:54 |
2021-12-13 |
|
|
|
|
195456
|
9.8 |
CRITICAL
Network
|
webnus
|
modern_events_calendar_lite
|
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to …
|
-
|
CVE-2021-24946
|
2024-11-21 14:54 |
2021-12-13 |
|
|
|
|
195457
|
8.0 |
HIGH
Network
|
likebtn
|
like_button_rating
|
The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such…
|
CWE-352
Origin Validation Error
|
CVE-2021-24945
|
2024-11-21 14:54 |
2021-12-13 |
|
|
|
|
195458
|
6.1 |
MEDIUM
Network
|
cm-wp
|
auto_featured_image
|
The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block, leading to a …
|
-
|
CVE-2021-24932
|
2024-11-21 14:54 |
2021-12-13 |
|
|
|
|
195459
|
6.1 |
MEDIUM
Network
|
webnus
|
modern_events_calendar_lite
|
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the current_month_divider parameter of its mec_list_load_more AJAX call (available to both unauthenticated a…
|
-
|
CVE-2021-24925
|
2024-11-21 14:54 |
2021-12-13 |
|
|
|
|
195460
|
9.0 |
CRITICAL
Network
|
fatcatapps
|
pixel_cat
|
The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admi…
|
-
|
CVE-2021-24922
|
2024-11-21 14:54 |
2021-12-13 |
|
|
|