| 195971 | 6.1 | MEDIUM, Network | properfraction | profilepress | The User Registration, User Profile, Login & Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.1.11's widget for tabbed login/register was not properly escaped and could b… | - | CVE-2021-24522 | 2024-11-21 14:53 | 2021-08-9 |
| 195972 | 7.2 | HIGH, Network | wow-estore | side_menu | The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role … | - | CVE-2021-24521 | 2024-11-21 14:53 | 2021-08-9 |
| 195973 | 8.8 | HIGH, Network | coderstimes | out_of_stock_message_for_woocommerce | The Stock in & out WordPress plugin through 1.0.4 lacks proper sanitization before passing variables to an SQL request, making it vulnerable to SQL Injection attacks. Users with a role of contributor… | - | CVE-2021-24520 | 2024-11-21 14:53 | 2021-08-9 |
| 195974 | 5.4 | MEDIUM, Network | a3rev | page_view_count | The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvc_stats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post m… | - | CVE-2021-24509 | 2024-11-21 14:53 | 2021-08-9 |
| 195975 | 9.8 | CRITICAL, Network | brainstormforce | astra | The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (av… | - | CVE-2021-24507 | 2024-11-21 14:53 | 2021-08-9 |
| 195976 | 5.4 | MEDIUM, Network | madeit | forms | The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (X… | - | CVE-2021-24505 | 2024-11-21 14:53 | 2021-08-9 |
| 195977 | 4.8 | MEDIUM, Network | flippercode | wp_google_map | The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, ev… | - | CVE-2021-24502 | 2024-11-21 14:53 | 2021-08-9 |
| 195978 | 8.1 | HIGH, Network | amentotech | workreap | The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objec… | - | CVE-2021-24501 | 2024-11-21 14:53 | 2021-08-9 |
| 195979 | 8.1 | HIGH, Network | amentotech | workreap | Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an atta… | CWE-352, Origin Validation Error | CVE-2021-24500 | 2024-11-21 14:53 | 2021-08-9 |
| 195980 | 9.8 | CRITICAL, Network | amentotech | workreap | The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid use… | - | CVE-2021-24499 | 2024-11-21 14:53 | 2021-08-9 |