|
195841
|
5.4 |
MEDIUM
Network
|
cminds
|
tooltip_glossary
|
The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Sc…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24678
|
2024-11-21 14:53 |
2021-10-4 |
|
195842
|
6.1 |
MEDIUM
Network
|
codesolz
|
better_find_and_replace
|
The Better Find and Replace WordPress plugin before 1.2.9 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue
|
-
|
CVE-2021-24676
|
2024-11-21 14:53 |
2021-10-4 |
|
195843
|
4.8 |
MEDIUM
Network
|
dwbooster
|
appointment_hour_booking
|
The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when …
|
-
|
CVE-2021-24673
|
2024-11-21 14:53 |
2021-10-4 |
|
195844
|
5.4 |
MEDIUM
Network
|
wpeverest
|
user_registration
|
The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJA…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24654
|
2024-11-21 14:53 |
2021-10-4 |
|
195845
|
8.1 |
HIGH
Network
|
meowapps
|
meow_gallery
|
The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low as Contributor) before using it in an SQL s…
|
CWE-89
SQL Injection
|
CVE-2021-24465
|
2024-11-21 14:53 |
2021-10-4 |
|
195846
|
5.4 |
MEDIUM
Network
|
mx_time_zone_clocks_project
|
mx_time_zone_clocks
|
The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape the time_zone attribute of the mxmtzc_time_zone_clocks shortcode, allowing users with a role as low as Contributor to perform Sto…
|
-
|
CVE-2021-24671
|
2024-11-21 14:53 |
2021-09-28 |
|
195847
|
5.4 |
MEDIUM
Network
|
status301
|
coolclock
|
The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks
|
-
|
CVE-2021-24670
|
2024-11-21 14:53 |
2021-09-28 |
|
195848
|
9.8 |
CRITICAL
Network
|
podlove
|
podlove_podcast_publisher
|
The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[\d]+), takes an…
|
-
|
CVE-2021-24666
|
2024-11-21 14:53 |
2021-09-28 |
|
195849
|
4.3 |
MEDIUM
Network
|
wpxpo
|
postx_-_gutenberg_blocks_for_post_grid
|
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post…
|
NVD-CWE-Other
|
CVE-2021-24661
|
2024-11-21 14:53 |
2021-09-28 |
|
195850
|
5.4 |
MEDIUM
Network
|
wpxpo
|
postx_-_gutenberg_blocks_for_post_grid
|
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting at…
|
-
|
CVE-2021-24660
|
2024-11-21 14:53 |
2021-09-28 |