|
195891
|
5.7 |
MEDIUM
Network
|
metagauss
|
download_plugin
|
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate…
|
CWE-352
Origin Validation Error
|
CVE-2021-24703
|
2024-11-21 14:53 |
2021-11-24 |
|
195892
|
4.8 |
MEDIUM
Network
|
incsub
|
forminator
|
The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilter…
|
-
|
CVE-2021-24700
|
2024-11-21 14:53 |
2021-11-24 |
|
195893
|
4.3 |
MEDIUM
Network
|
feataholic
|
maz_loader
|
The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack
|
-
|
CVE-2021-24668
|
2024-11-21 14:53 |
2021-11-24 |
|
195894
|
7.5 |
HIGH
Network
|
imagestowebp_project
|
images_to_webp
|
The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include() function, which could lead to a Local File Inclusion issue
|
-
|
CVE-2021-24644
|
2024-11-21 14:53 |
2021-11-24 |
|
195895
|
8.1 |
HIGH
Network
|
imagestowebp_project
|
images_to_webp
|
The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service…
|
-
|
CVE-2021-24641
|
2024-11-21 14:53 |
2021-11-24 |
|
195896
|
4.8 |
MEDIUM
Network
|
tammersoft
|
shared_files
|
The Shared Files WordPress plugin before 1.6.61 does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even wh…
|
-
|
CVE-2021-24856
|
2024-11-21 14:53 |
2021-11-17 |
|
195897
|
5.4 |
MEDIUM
Network
|
qr_redirector_project
|
qr_redirector
|
The QR Redirector WordPress plugin before 1.6.1 does not sanitise and escape some of the QR Redirect fields, which could allow users with a role as low as Contributor perform Stored Cross-Site Script…
|
-
|
CVE-2021-24854
|
2024-11-21 14:53 |
2021-11-17 |
|
195898
|
4.3 |
MEDIUM
Network
|
qr_redirector_project
|
qr_redirector
|
The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated us…
|
CWE-352
Origin Validation Error
|
CVE-2021-24853
|
2024-11-21 14:53 |
2021-11-17 |
|
195899
|
6.5 |
MEDIUM
Network
|
mousewheel_smooth_scroll_project
|
mousewheel_smooth_scroll
|
The MouseWheel Smooth Scroll WordPress plugin before 5.7 does not have CSRF check in place on its settings page, which could allow attackers to make a logged in admin change them via a CSRF attack
|
-
|
CVE-2021-24852
|
2024-11-21 14:53 |
2021-11-17 |
|
195900
|
4.3 |
MEDIUM
Network
|
insert_pages_project
|
insert_pages
|
The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (ie priva…
|
CWE-862
Missing Authorization
|
CVE-2021-24851
|
2024-11-21 14:53 |
2021-11-17 |
|