|
195861
|
5.4 |
MEDIUM
Network
|
pdf.js_viewer_project
|
pdf.js_viewer
|
The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to perform Cross-Sit…
|
-
|
CVE-2021-24759
|
2024-11-21 14:53 |
2021-12-7 |
|
|
|
|
195862
|
4.8 |
MEDIUM
Network
|
reputeinfosystems
|
contact_form\ _survey_\&_popup_form_plugin_for_wordpress_-_arforms_form_builder
|
The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even…
|
-
|
CVE-2021-24718
|
2024-11-21 14:53 |
2021-12-7 |
|
|
|
|
195863
|
4.8 |
MEDIUM
Network
|
soflyy
|
wp_all_import
|
The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege…
|
-
|
CVE-2021-24714
|
2024-11-21 14:53 |
2021-12-7 |
|
|
|
|
195864
|
6.1 |
MEDIUM
Network
|
wpchill
|
check_\&_log_email
|
The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to Reflected Cross-Site Scripting
|
CWE-79
Cross-site Scripting
|
CVE-2021-24908
|
2024-11-21 14:53 |
2021-11-29 |
|
|
|
|
195865
|
4.8 |
MEDIUM
Network
|
media-tags_project
|
media-tags
|
The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the u…
|
-
|
CVE-2021-24899
|
2024-11-21 14:53 |
2021-11-29 |
|
|
|
|
195866
|
7.2 |
HIGH
Network
|
ninjaforms
|
ninja_forms
|
The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injection attacks
|
-
|
CVE-2021-24889
|
2024-11-21 14:53 |
2021-11-29 |
|
|
|
|
195867
|
5.4 |
MEDIUM
Network
|
essentialplugin
|
popup_anything
|
The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripti…
|
-
|
CVE-2021-24883
|
2024-11-21 14:53 |
2021-11-29 |
|
|
|
|
195868
|
6.1 |
MEDIUM
Network
|
roundupwp
|
registrations_for_the_events_calendar
|
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to Reflected Cross-Site Scripting
|
-
|
CVE-2021-24876
|
2024-11-21 14:53 |
2021-11-29 |
|
|
|
|
195869
|
7.2 |
HIGH
Network
|
bannersky
|
bsk_pdf_manager
|
The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue
|
-
|
CVE-2021-24860
|
2024-11-21 14:53 |
2021-11-29 |
|
|
|
|
195870
|
5.4 |
MEDIUM
Network
|
bulk_datetime_change_project
|
bulk_datetime_change
|
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the post…
|
CWE-863
Incorrect Authorization
|
CVE-2021-24842
|
2024-11-21 14:53 |
2021-11-29 |
|
|
|