| 195981 | 6.1 | MEDIUM / Network | marmoset | marmoset_viewer | The Marmoset Viewer WordPress plugin before 1.9.3 does not properly sanitize, validate or escape the 'id' parameter before outputting back in the page, leading to a reflected Cross-Site Scripting iss… | - | CVE-2021-24495 | 2024-11-21 14:53 | 2021-08-9 |
| 195982 | 6.5 | MEDIUM / Network | leaflet_map_project | leaflet_map | The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request Fo… | - | CVE-2021-24467 | 2024-11-21 14:53 | 2021-08-9 |
| 195983 | 6.1 | MEDIUM / Network | wplearnmanager | wp_learn_manager | The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and c… | - | CVE-2021-24504 | 2024-11-21 14:53 | 2021-08-2 |
| 195984 | 5.4 | MEDIUM / Network | thememason | popular_brand_icons_-_simple_icons | The Popular Brand Icons – Simple Icons WordPress plugin before 2.7.8 does not sanitise or validate some of its shortcode parameters, such as "color", "size" or "class", allowing users with a role as … | - | CVE-2021-24503 | 2024-11-21 14:53 | 2021-08-2 |
| 195985 | 6.1 | MEDIUM / Network | dwbooster | calendar_event_multi_view | The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a refle… | - | CVE-2021-24498 | 2024-11-21 14:53 | 2021-08-2 |
| 195986 | 6.1 | MEDIUM / Network | community_events_project | community_events | The Community Events WordPress plugin before 1.4.8 does not sanitise, validate or escape its importrowscount and successimportcount GET parameters before outputting them back in an admin page, leadin… | - | CVE-2021-24496 | 2024-11-21 14:53 | 2021-08-2 |
| 195987 | 8.8 | HIGH / Network | handsome_testimonials_\&_reviews_project | handsome_testimonials_\&_reviews | The hndtst_action_instance_callback AJAX call of the Handsome Testimonials & Reviews WordPress plugin before 2.1.1, available to any authenticated users, does not sanitise, validate or escape the hnd… | CWE-89 SQL Injection | CVE-2021-24492 | 2024-11-21 14:53 | 2021-08-2 |
| 195988 | 6.1 | MEDIUM / Network | pickplugins | post_grid | The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, leading to Reflected Cross… | - | CVE-2021-24488 | 2024-11-21 14:53 | 2021-08-2 |
| 195989 | 7.2 | HIGH / Network | ays-pro | secure_copy_content_protection_and_content_locking | The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL state… | - | CVE-2021-24484 | 2024-11-21 14:53 | 2021-08-2 |
| 195990 | 7.2 | HIGH / Network | ays-pro | poll_maker | The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin before 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL state… | - | CVE-2021-24483 | 2024-11-21 14:53 | 2021-08-2 |