| 195571 | 5.4 | MEDIUM Network | nicdark | cost_calculator | The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator > Price S… | CWE-79 Cross-site Scripting | CVE-2021-24821 | 2024-11-21 14:53 | 2022-03-7 |
| 195572 | 4.8 | MEDIUM Network | wp-eventmanager | wp_event_manager | The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even … | CWE-79 Cross-site Scripting | CVE-2021-24810 | 2024-11-21 14:53 | 2022-03-7 |
| 195573 | 7.2 | HIGH Network | wpaffiliatefeed | tradetracker-store | The test parameter of the xmlfeed in the Tradetracker-Store WordPress plugin before 4.6.60 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | CWE-89 SQL Injection | CVE-2021-24778 | 2024-11-21 14:53 | 2022-03-7 |
| 195574 | 7.2 | HIGH Network | hotscot | contact_form | The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a GET request with the sub_id parameter which is not sanitised, escaped or validated before inserting to a… | CWE-89 SQL Injection | CVE-2021-24777 | 2024-11-21 14:53 | 2022-03-7 |
| 195575 | 4.8 | MEDIUM Network | codeasily | grand_flagallery | The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when… | - | CVE-2021-24903 | 2024-11-21 14:53 | 2022-02-28 |
| 195576 | 4.8 | MEDIUM Network | securemoz | security_audit | The Security Audit WordPress plugin through 1.0.0 does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilt… | - | CVE-2021-24901 | 2024-11-21 14:53 | 2022-02-28 |
| 195577 | 4.8 | MEDIUM Network | editable-table_project | editable_table | The EditableTable WordPress plugin through 0.1.4 does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even w… | - | CVE-2021-24898 | 2024-11-21 14:53 | 2022-02-28 |
| 195578 | 8.8 | HIGH Network | wpscan | wp_cloudy | The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the post_id parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue | - | CVE-2021-24864 | 2024-11-21 14:53 | 2022-02-28 |
| 195579 | 8.1 | HIGH Network | schiocco | support_board | The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions.… | - | CVE-2021-24823 | 2024-11-21 14:53 | 2022-02-28 |
| 195580 | 6.5 | MEDIUM Network | bold-themes | cost_calculator | The Cost Calculator WordPress plugin through 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform path traversal and local PHP file inclusion on W… | - | CVE-2021-24820 | 2024-11-21 14:53 | 2022-02-28 |